Opto 22 groov View Exposure of Sensitive Information Through Metadata

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Description

The users endpoint in the groov View API returns a list of all users and
associated metadata including their API keys. This endpoint requires an
Editor role to access and will display API keys for all users,
including Administrators.

Basic Information

ID CVE-2025-13084

Source icscert

Published Nov 26, 2025 at 17:39

Modified Nov 26, 2025 at 18:59

Affected Product

Vendor Opto 22

Product groov View Server

Version R1.0a

Affected Versions Opto 22 groov View Server R1.0a
Opto 22 GRV-EPIC-PR1 Firmware 0
Opto 22 GRV-EPIC-PR2 Firmware 0

CWE Classification

CWE-1230

References

{
    "lastseen": "",
    "description": "The users endpoint in the groov View API returns a list of all users and\n associated metadata including their API keys. This endpoint requires an\n Editor role to access and will display API keys for all users, \nincluding Administrators.",
    "published": "2025-11-26T17:39:37.931Z",
    "modified": "2025-11-26T18:59:31.021Z",
    "type": "cve",
    "title": "Opto 22 groov View Exposure of Sensitive Information Through Metadata",
    "source": "icscert",
    "references": "https://www.opto22.com/support/resources-tools/knowledgebase/kb91325\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json",
    "id": "CVE-2025-13084",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1230"
    ],
    "cvelist": null,
    "sourceData": "Opto 22 groov View Server R1.0a\nOpto 22 GRV-EPIC-PR1 Firmware 0\nOpto 22 GRV-EPIC-PR2 Firmware 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "groov View Server",
    "version": "R1.0a",
    "vendor": "Opto 22",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Opto 22 groov View Exposure of Sensitive Information Through Metadata_CVE-2025-13084