Grafana News Articles
Recent news articles referencing the vendor's vulnerabilities.
CVE-2025-41115: A Maximum-Severity Privilege Escalation Vulnerability in the Grafana SCIM Component | SOC Prime
Explore details for CVE-2025-41115 in Grafana SCIM, leading to impersonation and privilege escalation, with an overview on our SOC Prime blog.
1 week ago
Grafana Flags Critical SCIM Vulnerability CVE-2025-41115
Grafana warns of a critical SCIM flaw, CVE-2025-41115, that may allow admin impersonation. Organizations are urged to review SCIM and SAML mappings immediately.
1 week ago
Critical Grafana Vulnerability Let Attackers Escalate Privilege
Grafana Labs disclosed a security flaw affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users.
2 weeks ago
Grafana warns of max severity admin spoofing vulnerability
Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation.
2 weeks ago
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs disclosed a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users.
2 weeks ago
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affects over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable.
Over 46,000 Grafana instances exposed to account takeover bug
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites
A high-severity XSS vulnerability has been discovered in Grafana, prompting the immediate release of security patches.
Critical Grafana 0-Day Flaw Enables Attackers to Redirect Users to Malicious Sites
The flaw, which carries a CVSS v3.1 base score of 7.6 (High), was made public before the scheduled disclosure, prompting the company to expedite its patch rollout.
CVE-2025-3260
Grafana Labs reports: During the development of a new feature in Grafana 11.6.x, a security vulnerability was introduced that allows for Viewers and Editors to bypass dashboard-specific permissions. As a result, users with the Viewer role could view all the dashboards within their org an...
Grafana critical vulnerability risks remote code execution
The experimental SQL Expressions feature contains a flaw due to insufficient query sanitization.
Grafana security release: Critical severity fix for CVE-2024-9264 | Grafana Labs
Today we rolled out patch releases for Grafana 11.0.x, 11.1.x, and 11.2.x that include a critical severity security fix. If you are affected, we recommend that you install newly released versions.
Grafana security release: Medium severity fix for CVE-2024-8118 | Grafana Labs
Today we are releasing Grafana 11.2.1, 11.1.6, 11.0.5, 10.4.9, and 10.3.10, which include a medium severity security fix. If you are affected, we recommend that you install newly released versions.