
CVE-2025-41115: A Maximum-Severity Privilege Escalation Vulnerability in the Grafana SCIM Component 

ID: 188615c3-b0e5-5578-867b-be75c10606dd

STIX ID: report--188615c3-b0e5-5578-867b-be75c10606dd

Feed Name: SOC Prime Blog

Threat Score
85/100

Date Published: 2025-11-24

Date Updated: 2026-04-30

Author: Veronika Telychko

...
...

A critical Grafana SCIM vulnerability (CVE-2025-41115, CVSS 10.0) affects Grafana Enterprise 12.0.0–12.2.1 when SCIM provisioning is enabled and user_sync_enabled is set. A malicious SCIM client can provision a user whose numeric externalId maps to an existing internal user ID, potentially allowing impersonation of that user or escalation to admin privileges. Grafana has released urgent patches, and organizations are advised to update immediately to mitigate the risk.
