An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same organization as the Organization administrator Impact: - Organization administrators can permanently delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.

The version of Grafana Labs installed on the remote host is affected by an improper access control vulnerability as referenced in the CVE-2025-3580 advisory. 

  - An access control vulnerability was discovered in Grafana OSS where an Organization administrator could     permanently delete the Server administrator account. This vulnerability exists in the DELETE     /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator     exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same     organization as the Organization administrator Impact: - Organization administrators can permanently     delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance     becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations,     and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete     loss of administrative control over the Grafana instance. (CVE-2025-3580)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01985-1 advisory.

    release-notes-susemanager:

    - Update to SUSE Manager 4.3.15.2
      * SUSE Manager 4.3 will transition to LTS after June 2025
      * CVE Fixed         CVE-2023-45288, CVE-2024-11741, CVE-2024-45337, CVE-2024-45339         CVE-2024-51744, CVE-2024-9264, CVE-2024-9476, CVE-2025-22870         CVE-2025-22872, CVE-2025-2703 CVE-2025-27144, CVE-2025-3454         CVE-2025-3580, CVE-2025-4123, CVE-2024-47535

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1. It is, therefore, affected by a improper access control vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
241355	Grafana Labs 10.4.x < 10.4.19, 11.2.x < 11.2.10, 11.3.x < 11.3.7, 11.4 < 11.4.5, 11.5 < 11.5.5, 11.6 < 11.6.2, 12.0.x < 12.0.1 Improper Access Control (CVE-2025-3580)	Nessus	Web Servers	medium
240808	SUSE SLES15 : Security update 4.3.15 for Multi-Linux Manager Server (SUSE-SU-2025:01985-1)	Nessus	SuSE Local Security Checks	critical
114810	Grafana 12.0.x < 12.0.1 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114809	Grafana 11.6.x < 11.6.2 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114808	Grafana 11.5.x < 11.5.5 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114807	Grafana 11.4.x < 11.4.5 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114806	Grafana 11.3.x < 11.3.7 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114805	Grafana 11.2.x < 11.2.10 Improper Access Control	Web App Scanning	Component Vulnerability	medium
114804	Grafana < 10.4.19 Improper Access Control	Web App Scanning	Component Vulnerability	medium

Detections

Analytics

CVE-2025-3580

medium

Tenable Plugins

medium

critical

medium

medium

medium

medium

medium

medium

medium