A vulnerability classified as very critical has been found in Grafana Enterprise and Cloud. Affected is the function
user_sync_enabled of the component SCIM Provisioning. Performing manipulation results in Remote Code Execution.
This vulnerability is known as CVE-2025-41115. Access to the local network is required for this attack. No exploit is available.
It is recommended to upgrade the affected component.
