Opto 22 groov View

Published:

25 november 2025 om 12:00:00

Alert date:

5 december 2025 om 08:03:22

Source:

cisa.gov

CISA advisory for CVE-2025-13084 affecting Opto 22 groov View systems. The vulnerability involves exposure of sensitive information through metadata in the groov View API users endpoint. An Editor role can access API keys for all users including Administrators. CVSS v3.1 score of 7.6 and v4 score of 6.1. Affects groov View Server for Windows versions R1.0a to R4.5d and GRV-EPIC firmware versions prior to 4.0.3. Successful exploitation could result in credential exposure, key exposure, and privilege escalation. Patch available in groov View Server R4.5e and GRV-EPIC Firmware 4.0.3.

Technical details

Mitigation steps:

Affected products:

Opto 22 groov View
groov View Server for Windows
GRV-EPIC-PR1
GRV-EPIC-PR2

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/1230.html
https://www.cve.org/CVERecord?id=CVE-2025-13084
https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
https://www.opto22.com/support/resources-tools/knowledgebase/kb91325
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

Related CVE's:

CVE-2025-13084

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.