Grafana has released security updates to address a maximum
severity security flaw that could allow privilege escalation or
user impersonation under certain configurations. The vulnerability,
tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides
in the System for Cross-domain Identity Management (SCIM) component
that allows automated user provisioning and management. First
Read more https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html
