Grafana fixed a major security vulnerability (CVE-2025-41115) in its SCIM component that could enable user impersonation or privilege escalation. The flaw affects versions 12.0.0 to 12.2.1 with specific configurations enabled. Users should update to the latest versions to protect against this risk.

Grafana Labs has released critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent to address four significant vulnerabilities in Chromium that could lead to remote code execution and memory corruption. Users are urged to update to the latest versions promptly to mitigate potential risks. Grafana Cloud instances have already been patched, alleviating the need for action from users of the managed service.