Find notable cyber news and cases, enriched with sources, timelines, and signals.

Grafana Enterprise security update for CVE-2025-41115

Security Patch Release
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Grafana released security updates for CVE-2025-41115, a CVSS 10.0 flaw in Grafana Enterprise that could enable user impersonation or privilege escalation. The issue affects Grafana Enterprise 12.0.0 to 12.2.1 when SCIM provisioning is enabled and configured. Grafana said users should apply the patches as soon as possible to reduce risk.

Related Happenings

Veeam security patch release for CVE-2026-44963

Security Patch Release
H score79 First: 09.06.2026 17:27 Last: 09.06.2026 17:27 Sources 1

About this happening: **Veeam** released security updates for **Veeam Backup & Replication** to fix **CVE-2026-44963**, a critical flaw that could enable **remote code execution** on **domain-joined ba...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Grafana Labs Says GitHub hit by cyberattack

Incident
H score70 First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

Progress Software security patch release for CVE-2026-4670

Security Patch Release
H score44 First: 04.05.2026 19:34 Last: 04.05.2026 19:34 Sources 1

About this happening: **Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...

Grafana AI image-renderer prompt injection patch (GrafanaGhost)

Security Patch Release
H score17 First: 07.04.2026 22:52 Last: 07.04.2026 22:52 Sources 1

About this happening: **Grafana** has **patched** the **GrafanaGhost** flaw in its **image renderer** and **Markdown component**, closing an AI prompt-injection path that could have exposed **sensitive...

Timeline

  1. 21.11.2025 17:40 1 articles · 7mo ago

    Grafana discovers CVE-2025-41115 during internal audit

    Technical Analysis Update

    Grafana identified CVE-2025-41115 during internal audit and testing on November 4, 2025. The SCIM identity-handling flaw in Grafana Enterprise 12.x could let a malicious or compromised SCIM client provision a user with a numeric externalId, override internal user IDs, and potentially cause impersonation or privilege escalation when SCIM provisioning is enabled and configured.

    Show sources
  2. 21.11.2025 17:40 2 articles · 7mo ago

    Grafana releases fixes for CVE-2025-41115

    Mitigation Patch Update

    Grafana released security updates for CVE-2025-41115 to address a CVSS 10.0 SCIM flaw in Grafana Enterprise 12.x that can enable user impersonation or privilege escalation. The affected range is Grafana Enterprise 12.0.0 to 12.2.1, and fixed builds include Grafana Enterprise 12.0.6+security-01, 12.1.3+security-01, 12.2.1+security-01, and 12.3.0; affected users are advised to apply the patches as soon as possible.

    Show sources