All CISA Advisories, EN

Opto 22 groov View

2025-11-25 20:11

1. EXECUTIVE SUMMARY

CVSS v4 6.1
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Opto 22
Equipment: groov View
Vulnerability: Exposure of Sensitive Information Through Metadata

2. RISK EVALUATION

Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of groov View are affected:

groov View Server for Windows: Versions R1.0a to R4.5d
GRV-EPIC-PR1 Firmware: Versions prior to 4.0.3
GRV-EPIC-PR2 Firmware: Versions prior to 4.0.3

3.2 VULNERABILITY OVERVIEW

3.2.1 Exposure of Sensitive Information Through Metadata CWE-1230

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.

CVE-2025-13084 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L).

A CVSS v4 score has also been calculated for CVE-2025-13084. A base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED:<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Opto 22 groov View

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← Festo Compact Vision System, Control Block, Controller, and Operator Unit products

CISA Releases Seven Industrial Control Systems Advisories →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

2026 Predictions for Autonomous AI November 25, 2025

IT Security News Hourly Summary 2025-11-25 21h : 4 posts November 25, 2025

Can We Trust AI with Our Cybersecurity? The Growing Importance of AI Security November 25, 2025

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms November 25, 2025

How to use GPG to encrypt and decrypt files November 25, 2025

Radware Adds Firewall for LLMs to Security Portfolio November 25, 2025

Life in the Swimlane with Pauline Bacot, Senior Product Marketing Manager November 25, 2025

NDSS 2025 – EAGLEYE: Exposing Hidden Web Interfaces In loT Devices Via Routing Analysis November 25, 2025

AI Agent Security Firm Vijil Raises $17 Million November 25, 2025

CISA Warns of Spyware Targeting Messaging App Users November 25, 2025

Introducing guidelines for network scanning November 25, 2025

HashJack attack shows AI browsers can be fooled with a simple ‘#’ November 25, 2025

Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution November 25, 2025

SiRcom SMART Alert (SiSA) November 25, 2025

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share November 25, 2025

CISA Releases Seven Industrial Control Systems Advisories November 25, 2025

Opto 22 groov View November 25, 2025

Festo Compact Vision System, Control Block, Controller, and Operator Unit products November 25, 2025

Nominations Open For The Most Inspiring Women in Cyber Awards 2026 November 25, 2025

Salt Security Launches Salt MCP Finder Technology November 25, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}