CVE-2025-13084

Summary

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.

Affected Software

VendorProductVersion RangeStatus
Opto 22groov View ServerR1.0a <= R4.5daffected
Opto 22GRV-EPIC-PR1 Firmware0 <= 4.0.3affected
Opto 22GRV-EPIC-PR2 Firmware0 <= 4.0.3affected

Weaknesses

  • CWE-1230: CWE-1230

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References