
Grafana Labs provides an open and composable observability stack built around Grafana, the leading open source technology for dashboards and visualization. There are 5,000+ Grafana Labs customers, including Bloomberg, Citigroup, Dell Technologies, Salesforce, and TomTom, and 25M+ Grafana users around the world. Grafana Labs helps companies achieve their observability goals with the LGTM Stack, which features scalable metrics (Grafana Mimir), logs (Grafana Loki), and traces (Grafana Tempo) as well as extensive enterprise data source plugins, dashboard management, alerting, reporting, and security. The fully managed Grafana Cloud offering helps organizations get observability up and running easier and faster, with turnkey solutions for Kubernetes and infrastructure monitoring, incident response management, load testing, application observability, and more. Grafana Labs is backed by leading investors Lightspeed Venture Partners, Lead Edge Capital, GIC, Sequoia Capital, Coatue, J.P. Morgan, and CapitalG. Follow Grafana Labs on LinkedIn and Twitter or visit grafana.com.

Grafana Labs A.I CyberSecurity Scoring

Grafana Labs

Company Details

LinkedIn ID: grafana-labs
Number of employees: 1,742
Number of followers: 254,049
NAICS: 5112
Industry Type: Software Development
Homepage: grafana.com
IP Addresses: Scan still pending
Company ID: GRA_1527465
Scan Status: In-progress

Grafana Labs Risk Score (AI oriented): Between 750 and 799


Grafana Labs

Current Score: 761, Baa (Fair)
Incidents: 2
Average impact: -3.5 points per incident

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

December 2025: 761
November 2025: 765
Vulnerability
04 Nov 2025 • Grafana Labs
Grafana Enterprise Privilege Escalation Vulnerability (CVE-2025-41115)

Grafana Labs disclosed a critical vulnerability (CVE-2025-41115) in its **Grafana Enterprise** product, enabling privilege escalation or impersonation of administrators when **SCIM provisioning** is misconfigured. The flaw arises from improper mapping of the `externalId` SCIM attribute to Grafana's internal `user.uid`, allowing attackers to assign numeric IDs (e.g., `"1"`) to provisioned users, effectively granting them admin-level access. While exploitation requires both `enableSCIM` and `user_sync_enabled` to be active (a feature in *Public Preview*), the risk is severe due to Grafana's widespread use across enterprises for data visualization and monitoring.

The vulnerability affects versions **12.0.0 to 12.2.1** (excluding OSS and patched Cloud services). Grafana Labs confirmed no active exploitation in its Cloud environment but urged self-managed users to upgrade to versions **12.3.0, 12.2.1, 12.1.3, or 12.0.6** or to disable SCIM. The flaw was internally discovered on **November 4**, patched within 24 hours, and publicly disclosed on **November 19**. Prior scanning activity for older Grafana flaws (e.g., path traversal) suggests potential reconnaissance for targeting this new vulnerability.

Failure to patch could allow attackers to **compromise administrative accounts**, leading to unauthorized dashboard access, data manipulation, or lateral movement within enterprise networks. Given Grafana's role in operational analytics, exploitation could disrupt monitoring, alerting, or compliance reporting, with cascading effects on security posture and incident response.

Score: 760
Severity: critical (-5)
Incident ID: GRA2792027112125
Incident Type: Vulnerability, Privilege Escalation, Impersonation
Attack Vector: Network, SCIM Provisioning Misconfiguration
Vulnerability: CVE-2025-41115 (Improper Mapping of SCIM 'externalId' to Internal 'user.uid')
Systems Affected: Grafana Enterprise (Self-Managed)
Impact: Potential Unauthorized Administrative Access; Impersonation Risk; Potential Erosion of Trust Due to Privilege Escalation Risk
Remediation Measures: Patch Deployment (Grafana Enterprise 12.3.0, 12.2.1, 12.1.3, 12.0.6); Disabling SCIM Provisioning; Software Updates; Configuration Changes (Disabling SCIM); Public Security Bulletin; Customer Advisories
Lessons Learned: Importance of Secure Default Configurations for Preview Features; Rapid Patch Deployment for Critical Vulnerabilities; Proactive Monitoring for Exploitation Attempts (e.g., GreyNoise Scanning Activity)
Recommendations: Upgrade Grafana Enterprise to patched versions (12.3.0, 12.2.1, 12.1.3, or 12.0.6) immediately. Disable SCIM provisioning if not required. Monitor for unusual SCIM-related activity or privilege escalation attempts. Review and audit user provisioning workflows, especially for identity management integrations.
Status: Resolved (No Evidence of Exploitation in Grafana Cloud)
Response: Public security bulletin issued with mitigation steps; customers advised to apply patches or disable SCIM
Root Causes: Improper mapping of SCIM 'externalId' to internal 'user.uid' in Grafana Enterprise; insufficient validation of numeric 'externalId' values during user provisioning; preview feature (SCIM) enabled without robust safeguards
Corrective Actions: Released patched versions (12.3.0, 12.2.1, 12.1.3, 12.0.6) with fixed SCIM provisioning logic; enhanced input validation for SCIM attributes; proactive communication to customers about risk and mitigations
October 2025: 765
September 2025: 765
August 2025: 765
July 2025: 765
June 2025: 764
May 2025: 766
Vulnerability
21 May 2025 • Grafana Labs
Grafana Ghost Vulnerability (CVE-2025-4123)

More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows execution of a malicious plugin and account takeover. The flaw, tracked as CVE-2025-4123, impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics. Despite security updates released on May 21, a significant number of instances remain vulnerable, posing a risk to user sessions and account credentials.

Score: 764
Severity: critical (-2)
Incident ID: GRA600061525
Incident Type: Vulnerability, Exploitation
Attack Vector: Client-side open redirect
Vulnerability: CVE-2025-4123
Impact: Account takeover, execution of malicious plugins
Systems Affected: 46,506 Grafana instances
Remediation Measures: Upgrade to patched versions: 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01, and 12.0.0+security-01
Recommendations: Regularly update and patch software to mitigate vulnerabilities. Upgrade to the latest patched versions of Grafana.
Root Causes: Unpatched software, lack of awareness about the vulnerability
Corrective Actions: Apply security patches, increase user awareness about updates
April 2025: 766
March 2025: 766
February 2025: 766
January 2025: 766

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Grafana Labs is 761, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 765.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 765.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 765.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 765.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 765.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 764.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 766.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 766.

Over the past 12 months, the average per-incident point impact on Grafana Labs’s A.I Rankiteo Cyber Score has been -3.5 points.

You can access Grafana Labs’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/grafana-labs.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Grafana Labs’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/grafana-labs.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.