Description

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint.

The vulnerability can be exploited when:

1. An Organization administrator exists
2. The Server administrator is either:
   - Not part of any organization, or
   - Part of the same organization as the Organization administrator

Impact:

- Organization administrators can permanently delete Server administrator accounts
- If the only Server administrator is deleted, the Grafana instance becomes unmanageable
- No super-user permissions remain in the system
- Affects all users, organizations, and teams managed in the instance

The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.
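As an added example (not Grafana's own code), the following Go model shows the authorization decision behind an org-level user removal, with the vulnerable behaviour and the hardened check side by side; the `User`, `Directory`, `removeOrgUser` and `newDirectory` names and the sample accounts are constructed for this illustration and only approximate Grafana's data model.

```go
package main

import "errors"

// User is a minimal model of a Grafana-style account (constructed for this example).
type User struct {
	ID            int64
	IsServerAdmin bool             // the instance-wide "Server admin" flag
	OrgRoles      map[int64]string // orgID -> "Admin" | "Editor" | "Viewer"
}

// Directory holds every account; removeOrgUser deletes entries from it.
type Directory map[int64]*User

var ErrForbidden = errors.New("forbidden")

// removeOrgUser models the decision behind DELETE /api/org/users/{id} (our own
// model, not Grafana's handler). The caller needs Admin in orgID; a target left
// with no organization is deleted outright, which is how the org-level call
// becomes a permanent delete. hardened=true adds the guard the vulnerable
// versions lacked: a Server admin account may only be removed by a Server admin.
func removeOrgUser(dir Directory, callerID, targetID, orgID int64, hardened bool) error {
	caller, target := dir[callerID], dir[targetID]
	if caller == nil || target == nil {
		return errors.New("unknown user")
	}
	if caller.OrgRoles[orgID] != "Admin" && !caller.IsServerAdmin {
		return ErrForbidden
	}
	if hardened && target.IsServerAdmin && !caller.IsServerAdmin {
		return ErrForbidden
	}
	delete(target.OrgRoles, orgID)
	if len(target.OrgRoles) == 0 {
		delete(dir, targetID) // orphaned account: permanent deletion
	}
	return nil
}

// newDirectory builds the advisory's scenario from constructed data: the Server
// admin (ID 1) and an Organization admin (ID 2) both hold Admin in org 1, and a
// second Server admin (ID 3) belongs to no organization at all.
func newDirectory() Directory {
	return Directory{
		1: {ID: 1, IsServerAdmin: true, OrgRoles: map[int64]string{1: "Admin"}},
		2: {ID: 2, OrgRoles: map[int64]string{1: "Admin"}},
		3: {ID: 3, IsServerAdmin: true},
	}
}
```

Both conditions from the description (Server admin in the same org, Server admin in no org) end in deletion when `hardened` is false, and both are refused when it is true; a defender can also watch the count of accounts with the Server admin flag and alert when it reaches zero.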

INFO

Published Date: 2025-05-23T13:44:45.974Z
Last Modified: 2025-07-17T10:28:18.011Z
Source: GRAFANA
AFFECTED PRODUCTS

The following products are affected by CVE-2025-3580.

Vendor: Grafana
Product: Grafana
