Incorrect oauth passthrough in Grafana Snowflake Datasource_CVE-2025-41116

2.1 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Description

When using the Grafana Databricks Datasource Plugin,
if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in

the wrong user identifier being used, and information for which the viewer is not authorized being returned.

This issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0

Basic Information

ID CVE-2025-41116

Source GRAFANA

Published Nov 11, 2025 at 20:18

Affected Product

Vendor Grafana Labs

Product Grafana Databricks Datasource Plugin

Version 1.6.0

Affected Versions Grafana Labs Grafana Databricks Datasource Plugin 1.6.0

CWE Classification

CWE-653

References

grafana.com /security/security-advisories/cve-2025-41116/

{
    "lastseen": "",
    "description": "When using the Grafana Databricks Datasource Plugin,\nif Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it\u00a0 could result in\u00a0\n\nthe wrong user identifier being used, and information for which the viewer is not authorized being returned.\u00a0\n\nThis issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0",
    "published": "2025-11-11T20:18:07.602Z",
    "modified": "2025-11-11T20:18:07.602Z",
    "type": "cve",
    "title": "Incorrect oauth passthrough in Grafana Snowflake Datasource",
    "source": "GRAFANA",
    "references": "https://grafana.com/security/security-advisories/cve-2025-41116/",
    "id": "CVE-2025-41116",
    "bulletinFamily": "",
    "cwe": [
        "CWE-653"
    ],
    "cvelist": null,
    "sourceData": "Grafana Labs Grafana Databricks Datasource Plugin 1.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Grafana Databricks Datasource Plugin",
    "version": "1.6.0",
    "vendor": "Grafana Labs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}