Grafana Enterprise security update for CVE-2025-41115

Security Patch Release

Summary

Grafana released security updates for CVE-2025-41115, a CVSS 10.0 flaw in Grafana Enterprise that could enable user impersonation or privilege escalation. The issue affects Grafana Enterprise 12.0.0 to 12.2.1 when SCIM provisioning is enabled and configured. Grafana said users should apply the patches as soon as possible to reduce risk.

Timeline

  1. 21.11.2025 17:40

    Grafana discovers CVE-2025-41115 during internal audit

    Technical Analysis Update

    Grafana identified CVE-2025-41115 during internal audit and testing on November 4, 2025. The SCIM identity-handling flaw in Grafana Enterprise 12.x could let a malicious or compromised SCIM client provision a user with a numeric externalId, override internal user IDs, and potentially cause impersonation or privilege escalation when SCIM provisioning is enabled and configured.

  2. 21.11.2025 17:40

    Grafana releases fixes for CVE-2025-41115

    Mitigation Patch Update

    Grafana released security updates for CVE-2025-41115 to address a CVSS 10.0 SCIM flaw in Grafana Enterprise 12.x that can enable user impersonation or privilege escalation. The affected range is Grafana Enterprise 12.0.0 to 12.2.1, and fixed builds include Grafana Enterprise 12.0.6+security-01, 12.1.3+security-01, 12.2.1+security-01, and 12.3.0; affected users are advised to apply the patches as soon as possible.
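
As an added example (not from Grafana or the original page), the Python sketch below applies the affected range and fixed builds listed above to an instance inventory and flags SCIM users whose externalId is numeric. The host names, user records and status labels are constructed for illustration.

```python
import re

# Version data taken from the advisory text above.
AFFECTED_MIN, AFFECTED_MAX = (12, 0, 0), (12, 2, 1)
FIXED_BUILDS = {"12.0.6+security-01", "12.1.3+security-01", "12.2.1+security-01"}
FIRST_FIXED_RELEASE = (12, 3, 0)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\+\S+)?$")


def exposure(version, scim_enabled):
    """Return 'fixed', 'vulnerable', 'scim-disabled' or 'out-of-range'
    (status labels are this example's own, not Grafana terminology)."""
    normalised = version.strip()
    if normalised.startswith("v"):
        normalised = normalised[1:]
    m = _VERSION_RE.match(normalised)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    base = tuple(int(part) for part in m.group(1, 2, 3))
    # 12.2.1 is affected while 12.2.1+security-01 is fixed, so the build
    # suffix has to be compared, not only the numeric version.
    if base >= FIRST_FIXED_RELEASE or normalised in FIXED_BUILDS:
        return "fixed"
    if not (AFFECTED_MIN <= base <= AFFECTED_MAX):
        return "out-of-range"
    # The flaw applies only when SCIM provisioning is enabled and configured.
    return "vulnerable" if scim_enabled else "scim-disabled"


def numeric_external_ids(scim_users):
    """Return userName values of SCIM users whose externalId is all digits,
    the provisioning pattern the advisory describes."""
    return [u.get("userName") for u in scim_users
            if re.fullmatch(r"[0-9]+", str(u.get("externalId", "")).strip())]


# Constructed sample data, not real hosts or accounts.
INVENTORY = [
    ("grafana-a.example", "12.2.1", True),
    ("grafana-b.example", "12.2.1+security-01", True),
    ("grafana-c.example", "12.1.0", False),
    ("grafana-d.example", "12.3.0", True),
]
SCIM_USERS = [
    {"userName": "alice@example.com", "externalId": "a1b2c3d4-0001"},
    {"userName": "svc-sync@example.com", "externalId": "1"},
    {"userName": "bob@example.com", "externalId": 42},
]

if __name__ == "__main__":
    for host, version, scim in INVENTORY:
        print(f"{host:20} {version:22} {exposure(version, scim)}")
    print("numeric externalId:", numeric_external_ids(SCIM_USERS))
```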
