CVE-2025-41116

Published: Nov 11, 2025

Modified: Nov 19, 2025

PUBLISHED

Description

When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not authorized being returned. This issue affects Grafana Databricks Datasource Plugin: from 1.6.0 before 1.12.0

Vendor	Product	Versions
Grafana Labs	Grafana Databricks Datasource Plugin	affected `1.6.0 - < 1.12.1`

Weaknesses (CWE)

CWE-653

References

https://grafana.com/security/security-advisories/cve-2025-41116/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41116

Description

Affected Products

Weaknesses (CWE)

References