CVE-2025-41116: CWE-653 in Grafana Labs Grafana Databricks Datasource Plugin
When using the Grafana Databricks Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not authorized being returned. This issue affects Grafana Databricks Datasource Plugin: from 1.12.1 before 1.12.0
AI Analysis
Technical Summary
CVE-2025-41116 is a vulnerability in the Grafana Databricks Datasource Plugin affecting versions from 1.6.0 up to, but not including, 1.12.0. It is triggered when OAuth passthrough (the datasource option that forwards the viewing user's own OAuth token to Databricks instead of a shared service credential) is enabled and several users query the same datasource concurrently on one Grafana instance. A Grafana backend datasource plugin runs as a single instance shared by all users of that datasource, so if the forwarded identity is held in state shared between in-flight requests rather than carried with each request, the identity from one user's request can be applied to another user's query. The viewer then receives rows fetched under someone else's authorization: data that Databricks-side permissions would not have returned for them. The weakness is classified as CWE-653 (Improper Isolation or Compartmentalization): requests belonging to different users are not kept isolated from one another inside the plugin. The CVSS 4.0 base score is 2.1 (low), reflecting that the recipient must already be an authenticated Grafana user, that exposure depends on another user querying the same datasource at the same moment, and that only confidentiality is affected; no integrity or availability impact is reported, and no exploitation in the wild was known at publication. The CVE was reserved in April 2025 and published in November 2025. The record lists no patch link, but the affected range ends before 1.12.0, so 1.12.0 and later are the remediated releases.
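To make the failure mode concrete, the following Go program (an added example, not the Databricks plugin's code) contrasts two designs for a shared backend datasource instance. The vulnerable one copies the forwarded identity into a field on the instance, so two overlapping requests can swap identities; the safe one carries the identity on each request's context. Whether the real plugin stored the identity this way is an assumption made for illustration; the user names, the SQL and the `Prepare`/`Execute` split are constructed for the demo.

```go
package main

import (
	"context"
	"fmt"
	"runtime"
	"sync"
	"sync/atomic"
)

// QueryResult records which identity the downstream Databricks call was made as.
type QueryResult struct {
	SQL   string
	RanAs string
}

// userKey is the context key carrying the identity behind the forwarded OAuth token.
type userKey struct{}

// VulnerableDatasource models one backend datasource instance shared by every Grafana
// user, which copies the forwarded identity into a field. Constructed pattern: it shows
// how a "wrong user identifier" bug arises, not what the Databricks plugin's code does.
type VulnerableDatasource struct {
	forwardedUser string // shared mutable state: the defect
}

// Prepare inspects the forwarded OAuth token and remembers whose it is.
func (d *VulnerableDatasource) Prepare(user string) { d.forwardedUser = user }

// Execute runs the query as whoever Prepare stored most recently, not as the caller.
func (d *VulnerableDatasource) Execute(sql string) QueryResult {
	return QueryResult{SQL: sql, RanAs: d.forwardedUser}
}

// SafeDatasource holds no per-user state; each request carries its own identity.
type SafeDatasource struct{}

// Execute reads the identity from the request's context, so overlapping requests cannot mix.
func (SafeDatasource) Execute(ctx context.Context, sql string) QueryResult {
	user, _ := ctx.Value(userKey{}).(string)
	return QueryResult{SQL: sql, RanAs: user}
}

// OverlapVulnerable replays the advisory's precondition deterministically: alice's request
// is prepared, bob's arrives and is prepared before alice's query executes, and alice's
// panel then renders rows fetched under bob's authorization.
func OverlapVulnerable() QueryResult {
	ds := &VulnerableDatasource{}
	ds.Prepare("alice")
	ds.Prepare("bob") // bob's concurrent request overwrites the shared field
	return ds.Execute("SELECT * FROM sales")
}

// OverlapSafe runs the same interleaving against the per-request design.
func OverlapSafe() QueryResult {
	ds := SafeDatasource{}
	alice := context.WithValue(context.Background(), userKey{}, "alice")
	bob := context.WithValue(context.Background(), userKey{}, "bob")
	_ = ds.Execute(bob, "SELECT * FROM sales") // bob's request interleaves
	return ds.Execute(alice, "SELECT * FROM sales")
}

// ConcurrentMismatches drives the vulnerable datasource from n goroutines and counts
// requests that executed as someone else. The count varies from run to run, which is
// why the bug only surfaces under multi-user load; `go run -race` flags the
// unsynchronised write/read of forwardedUser regardless of the count.
func ConcurrentMismatches(n int) int {
	ds := &VulnerableDatasource{}
	var wg sync.WaitGroup
	var mismatches int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(id int) {
			defer wg.Done()
			me := fmt.Sprintf("user%d", id)
			ds.Prepare(me)
			runtime.Gosched() // widen the window between storing and using the identity
			if ds.Execute("SELECT 1").RanAs != me {
				atomic.AddInt64(&mismatches, 1)
			}
		}(i)
	}
	wg.Wait()
	return int(mismatches)
}

func main() {
	fmt.Printf("vulnerable: alice's query ran as %s\n", OverlapVulnerable().RanAs)
	fmt.Printf("safe:       alice's query ran as %s\n", OverlapSafe().RanAs)
	fmt.Printf("vulnerable under 1000 concurrent requests: %d mismatches\n", ConcurrentMismatches(1000))
}
```

The deterministic replay is the useful part for a code review: any plugin that resolves the caller's identity in one step and uses it in a later step, with the value parked on the shared instance in between, has this bug whether or not a load test happens to catch it. The race-detector run is the cheap check to add to CI for a plugin that forwards per-user credentials.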
Potential Impact
For European organizations, the exposure is unauthorized disclosure inside Grafana dashboards backed by the Databricks Datasource Plugin with OAuth passthrough enabled. OAuth passthrough is normally chosen precisely so that Databricks enforces each viewer's own permissions; this flaw undermines that guarantee, so a viewer may see rows from tables or workspaces they are not entitled to, which matters for personal data under GDPR, financial records and intellectual property. Disclosure is timing-dependent rather than something an attacker can request on demand, but the "attacker" needs nothing more than a Grafana account with access to a dashboard on the shared datasource: another authenticated user querying at the same moment is the whole precondition, and the same leak can occur by accident with no malicious intent at all. Single-user instances and datasources that authenticate with a fixed service credential are not affected. While the CVSS 4.0 score of 2.1 is low and no exploitation in the wild was known at publication, a confidentiality breach of this kind can still carry compliance, reputational and legal consequences for organizations with strict data-access requirements.
Mitigation Recommendations
The following actions target the specific conditions under which the flaw is triggered:
1) Audit every Grafana instance for the Databricks Datasource Plugin and record the installed version; versions from 1.6.0 up to but not including 1.12.0 are affected.
2) Upgrade the plugin to 1.12.0 or later. The advisory lists no patch link, but 1.12.0 is the first release outside the affected range; if an upgrade is not possible, ask Grafana Labs support for an interim fix.
3) Until the upgrade is in place, disable OAuth passthrough on affected datasources (authenticate with a service credential instead) or dedicate a separate datasource to each user, so that no two users share one datasource concurrently.
4) Where your Grafana edition supports data source permissions, restrict which users and teams can query the shared datasource, shrinking the population whose requests can overlap.
5) Enable query logging on Grafana and on Databricks and review for results returned to users outside their expected scope.
6) Inform dashboard users of the risk in shared environments and, where practical, keep heavy multi-user usage away from datasources that expose sensitive data until the fix is deployed.
7) Segment network access to Grafana and require strong authentication in front of it to limit who can reach a dashboard at all.
These measures go beyond generic advice by focusing on the configuration and operational controls that match the vulnerability's exploitation conditions.
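The audit in steps 1 and 3 can be scripted against the Grafana HTTP API. The Go program below is an added example, not tooling from Grafana Labs: it takes the JSON body of GET /api/datasources together with the plugin version reported by GET /api/plugins/<id>/settings (the info.version field) and lists every Databricks datasource that has OAuth passthrough enabled on an affected version. The plugin ID grafana-databricks-datasource and the jsonData key oauthPassThru are assumptions about how the datasource is stored; verify them against your own /api/datasources output. The response body embedded in the program is constructed sample data, so it runs offline; in practice you would fetch the two responses with a service-account token and feed them in.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Affected range from the advisory: >= 1.6.0 and < 1.12.0.
const (
	affectedFrom   = "1.6.0"
	fixedIn        = "1.12.0"
	databricksType = "grafana-databricks-datasource" // assumed plugin ID; check your instance
)

// datasource mirrors the fields of interest in one GET /api/datasources entry.
type datasource struct {
	Name     string                 `json:"name"`
	UID      string                 `json:"uid"`
	Type     string                 `json:"type"`
	JSONData map[string]interface{} `json:"jsonData"`
}

// Finding is a datasource that meets every precondition of the vulnerability.
type Finding struct {
	Name, UID string
}

// compareVersions orders dotted numeric versions (1.11.2 < 1.12.0); returns -1, 0 or 1.
// Pre-release suffixes are not handled, which is fine for the plugin's release versions.
func compareVersions(a, b string) int {
	as := strings.Split(strings.TrimPrefix(a, "v"), ".")
	bs := strings.Split(strings.TrimPrefix(b, "v"), ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		var x, y int
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x < y {
			return -1
		}
		if x > y {
			return 1
		}
	}
	return 0
}

// IsAffectedVersion reports whether an installed plugin version is inside the advisory range.
func IsAffectedVersion(v string) bool {
	return compareVersions(v, affectedFrom) >= 0 && compareVersions(v, fixedIn) < 0
}

// AuditDatasources returns the Databricks datasources with OAuth passthrough enabled,
// but only when the installed plugin version is affected; an unaffected version yields nothing.
func AuditDatasources(datasourcesJSON []byte, pluginVersion string) ([]Finding, error) {
	var dss []datasource
	if err := json.Unmarshal(datasourcesJSON, &dss); err != nil {
		return nil, fmt.Errorf("parsing /api/datasources body: %w", err)
	}
	if !IsAffectedVersion(pluginVersion) {
		return nil, nil
	}
	var findings []Finding
	for _, ds := range dss {
		if ds.Type != databricksType {
			continue // other datasource types are out of scope even if they forward OAuth
		}
		if passthru, _ := ds.JSONData["oauthPassThru"].(bool); passthru {
			findings = append(findings, Finding{Name: ds.Name, UID: ds.UID})
		}
	}
	return findings, nil
}

// SampleDatasources is a constructed /api/datasources response, not data from a real instance.
const SampleDatasources = `[
  {"name":"databricks-prod","uid":"dbx1","type":"grafana-databricks-datasource","jsonData":{"oauthPassThru":true}},
  {"name":"databricks-svc","uid":"dbx2","type":"grafana-databricks-datasource","jsonData":{"oauthPassThru":false}},
  {"name":"prometheus","uid":"prom1","type":"prometheus","jsonData":{"oauthPassThru":true}}
]`

func main() {
	findings, err := AuditDatasources([]byte(SampleDatasources), "1.11.2")
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("AFFECTED: %s (uid %s): disable OAuth passthrough or upgrade the plugin to 1.12.0+\n", f.Name, f.UID)
	}
}
```

Only the Databricks datasources with passthrough on are reported (the Prometheus entry is ignored even though it forwards OAuth, and the service-credential Databricks datasource is safe); with the plugin at 1.12.0 the same input produces no findings.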
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GRAFANA
- Date Reserved: 2025-04-16T09:19:26.443Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6913a6d6768d655a7be0441c
Added to database: 11/11/2025, 9:12:54 PM
Last enriched: 11/11/2025, 9:13:21 PM
Last updated: 11/11/2025, 11:44:38 PM
Related Threats
- CVE-2025-3717: CWE-653 in Grafana Labs Grafana Snowflake Datasource Plugin (Low)
- CVE-2025-64531: Use After Free (CWE-416) in Adobe Substance3D - Stager (High)
- CVE-2025-61835: Integer Underflow (Wrap or Wraparound) (CWE-191) in Adobe Substance3D - Stager (High)
- CVE-2025-61834: Use After Free (CWE-416) in Adobe Substance3D - Stager (High)
- CVE-2025-61833: Out-of-bounds Read (CWE-125) in Adobe Substance3D - Stager (High)