CVE Alert: CVE-2025-3580
Vulnerability Summary: CVE-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: – Not part of any organization, or – Part of the same organization as the Organization administrator Impact: – Organization administrators can permanently delete Server administrator accounts – If the only Server administrator is deleted, the Grafana instance becomes unmanageable – No super-user permissions remain in the system – Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.
Affected Endpoints:
No affected endpoints listed.
Published Date:
5/23/2025, 2:15:28 PM
⚠️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
