| Reporter | Title | Published | Views | Family All 43 |
|---|---|---|---|---|
| Exploit for CVE-2025-41115 | 3 Dec 202513:44 | – | githubexploit | |
| February Linux Patch Wednesday | 20 Feb 202616:20 | – | avleonov | |
| The vulnerability of the SCIM implementation in the Grafana monitoring and observation platform allows a perpetrator to gain unauthorized access to the platform. | 24 Nov 202500:00 | – | bdu_fstec | |
| CVE-2025-41115 | 20 Nov 202502:31 | – | circl | |
| Grafana 安全漏洞 | 21 Nov 202500:00 | – | cnnvd | |
| CVE-2025-41115 | 21 Nov 202514:25 | – | cve | |
| CVE-2025-41115 Incorrect privilege assignment | 21 Nov 202514:25 | – | cvelist | |
| EUVD-2025-198492 | 21 Nov 202515:31 | – | euvd | |
| Grafana Incorrect Privilege Assignment vulnerability | 21 Nov 202515:31 | – | github | |
| Incorrect privilege assignment | 19 Nov 202500:00 | – | grafana |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(276746);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");
script_cve_id("CVE-2025-41115");
script_xref(name:"IAVB", value:"2025-B-0198-S");
script_name(english:"Grafana Enterprise SCIM Provisioning Privilege Escalation (CVE-2025-41115)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
script_set_attribute(attribute:"description", value:
"SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage
users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM
provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised
SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs
and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions
are met: - `enableSCIM` feature flag set to true - `user_sync_enabled` config option in the `[auth.scim]` block set to
true.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://grafana.com/blog/2025/11/19/grafana-enterprise-security-update-critical-severity-security-fix-for-cve-2025-41115/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8fc588a4");
script_set_attribute(attribute:"solution", value:
"Upgrade to Grafana Enterprise version 12.0.6, 12.1.3, 12.2.1, 12.3.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-41115");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/19");
script_set_attribute(attribute:"patch_publication_date", value:"2025/11/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/25");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:grafana:grafana");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("grafana_labs_detect.nbin");
script_require_keys("installed_sw/Grafana Labs", "Settings/ParanoidReport");
script_require_ports("Services/www", 3000);
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:3000);
var app_info = vcf::get_app_info(app:'Grafana Labs', port:port, webapp:TRUE);
# Can't determine if SCIM or user_sync_enabled is enabled/configured
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# Only Grafana Enterprise is affected
if (empty_or_null(app_info['Edition']) || app_info['Edition'] !~ "Enterprise")
vcf::audit(app_info);
var constraints = [
{ 'min_version' : '12.0.0', 'fixed_version' : '12.0.6' },
{ 'min_version' : '12.1.0', 'fixed_version' : '12.1.3' },
{ 'min_version' : '12.2.0', 'fixed_version' : '12.2.1' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation