Information Exposure in Grafana Databricks Datasource Plugin from Grafana
CVE-2025-41116

2.1LOW

Key Information:

Vendor: Grafana Labs
Status: Grafana Databricks Datasource Plugin
Vendor: CVE Published:; 11 November 2025

🔔 Create Grafana Labs Vulnerability Alert

What is CVE-2025-41116?

The Grafana Databricks Datasource Plugin has a vulnerability that arises when OAuth passthrough is enabled. In a scenario where multiple users utilize the same data source simultaneously on a single Grafana instance, it may inadvertently return data intended for one user to another. This occurs due to the incorrect user identifier being applied, leading to unauthorized access to sensitive information.

Affected Version(s)

Grafana Databricks Datasource Plugin 1.6.0 < 1.12.1

References

https://grafana.com/security/security-advisories/cve-2025...

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON