Company:
Date Published:
Author: Vardan Torosyan
Word count: 669
Language: English
Hacker News points: None

Summary

Grafana Labs announced a critical security update for Grafana Enterprise versions 12.0.0 to 12.2.1, addressing a vulnerability tracked as CVE-2025-41115 in the SCIM (System for Cross-domain Identity Management) provisioning feature. The issue, which could lead to privilege escalation or user impersonation, arises only when both the enableSCIM feature flag and the user_sync_enabled option are set to true; under that configuration a compromised or malicious SCIM client can override internal user IDs. The vulnerability carries a CVSS score of 10.0 (critical). Grafana Labs has released patched versions of Grafana Enterprise and applied the corresponding fixes to Grafana Cloud, and states that managed offerings such as Amazon Managed Grafana and Azure Managed Grafana have been secured. Grafana OSS users are not affected. The company urges users of affected versions to upgrade immediately, has published a detailed incident timeline, and restates its guidelines for reporting security issues, asking reporters to withhold disclosure until a fix is released and announced.
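To make the preconditions in the summary concrete, here is an added example (not code from Grafana Labs or from the original post) that reads a constructed grafana.ini together with a reported edition and version and reports whether an instance matches the combination the advisory names: Grafana Enterprise in the stated version range with the enableSCIM flag and SCIM user sync both on. It assumes the feature flag lives under the `[feature_toggles]` section (either as `enableSCIM = true` or in the comma-separated `enable` list) and that `user_sync_enabled` lives under `[auth.scim]`; those section names are assumptions about Grafana's ini layout, not something the summary states. The version range is taken literally from the summary, and build metadata after `+` is ignored, so confirm results against the exact patched build identifiers in the vendor advisory.

```python
"""Added example, not code from Grafana Labs or from the original post.

Offline check of a grafana.ini plus a reported edition/version against the
conditions the summary names for CVE-2025-41115. Section names are assumed.
"""
import configparser

FEATURE_SECTION = "feature_toggles"   # assumed section holding feature flags
FEATURE_KEY = "enableSCIM"            # flag named in the summary
SCIM_SECTION = "auth.scim"            # assumed section holding SCIM settings
SCIM_KEY = "user_sync_enabled"        # option named in the summary

AFFECTED_MIN = (12, 0, 0)  # affected range exactly as given in the summary
AFFECTED_MAX = (12, 2, 1)

TRUE_VALUES = {"true", "1", "yes", "on"}


def parse_version(version):
    """'12.1.3', '12.1.3+security-01' or 'v12.1' -> (12, 1, 3); build metadata and
    pre-release suffixes are dropped, so only the base version is compared."""
    core = version.strip().lstrip("v").split("+", 1)[0].split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_in_affected_range(version):
    """Inclusive check against the summary's stated range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def load_ini(ini_text):
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case so 'enableSCIM' is matched exactly
    parser.read_string(ini_text)
    return parser


def scim_feature_enabled(parser):
    """True if enableSCIM is switched on, either as its own key or via the 'enable' list."""
    if not parser.has_section(FEATURE_SECTION):
        return False
    section = parser[FEATURE_SECTION]
    if section.get(FEATURE_KEY, "").strip().lower() in TRUE_VALUES:
        return True
    listed = {flag.strip() for flag in section.get("enable", "").split(",")}
    return FEATURE_KEY in listed


def scim_user_sync_enabled(parser):
    """True if user_sync_enabled is set to a truthy value in the SCIM section."""
    if not parser.has_section(SCIM_SECTION):
        return False
    return parser[SCIM_SECTION].get(SCIM_KEY, "").strip().lower() in TRUE_VALUES


def assess(ini_text, edition, version):
    """Return each precondition separately plus 'exposed', which is True only when
    every condition the summary lists holds at once (Enterprise, affected version,
    feature flag on, user sync on). OSS is never flagged, matching the summary."""
    parser = load_ini(ini_text)
    feature = scim_feature_enabled(parser)
    sync = scim_user_sync_enabled(parser)
    enterprise = edition.strip().lower() == "enterprise"
    in_range = version_in_affected_range(version)
    return {
        "enterprise": enterprise,
        "version_in_range": in_range,
        "scim_feature": feature,
        "scim_user_sync": sync,
        "exposed": enterprise and in_range and feature and sync,
    }


# Constructed sample config for demonstration; not taken from any real deployment.
SAMPLE_INI = """
[server]
http_port = 3000

[feature_toggles]
enableSCIM = true

[auth.scim]
user_sync_enabled = true
group_sync_enabled = false
"""

if __name__ == "__main__":
    for edition, version in (("enterprise", "12.1.2"), ("oss", "12.1.2"), ("enterprise", "12.3.0")):
        print(edition, version, assess(SAMPLE_INI, edition, version))
```

The per-condition fields are returned separately so an operator can see which precondition is responsible: an Enterprise instance in range with the flag on but user sync off is not flagged as exposed, which is what the summary describes, but the flag alone is still worth noting before a future change turns sync on.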