CVE-2025-3580 — An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /ap — CVE Database · The Intelligence Room