Critical groov View Vulnerability: API Key Exposure Puts Systems at Risk (CVE-2025-13084)

Overview

CVE-2025-13084 is a high-severity vulnerability affecting the groov View API. This vulnerability allows users with Editor roles to access an endpoint that lists all users and their associated metadata, including their API keys. This exposure affects all users, including those with Administrator privileges, posing a significant security risk.

Technical Details

The vulnerability resides within the /users endpoint of the groov View API. Authentication with an Editor role is required to access this endpoint. However, once accessed, the endpoint discloses sensitive information, including API keys for all users defined within the groov View system. This unauthorized disclosure of API keys allows attackers to potentially impersonate users, gain elevated privileges, and compromise the entire system. The API keys are presented in plaintext or an easily decodable format, making exploitation straightforward.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) assigned a score of 7.6 (HIGH) to CVE-2025-13084. This score reflects the significant impact and ease of exploitation. The factors contributing to this score include:

  • Attack Vector: Network (AV:N) – The vulnerability is exploitable over a network.
  • Attack Complexity: Low (AC:L) – No special conditions or mitigating circumstances exist.
  • Privileges Required: Low (PR:L) – An attacker only requires Editor-level privileges.
  • User Interaction: None (UI:N) – No user interaction is required to exploit the vulnerability.
  • Scope: Unchanged (S:U) – An exploited vulnerability can only affect resources managed by the same security authority.
  • Confidentiality Impact: High (C:H) – There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker.
  • Integrity Impact: High (I:H) – There is a total loss of integrity, or complete loss of protection. The attacker can modify any files or settings on the impacted component.
  • Availability Impact: High (A:H) – There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either persistent or irreversible.

Possible Impact

Successful exploitation of CVE-2025-13084 can have severe consequences, including:

  • Account Takeover: Attackers can use exposed API keys to impersonate users, including administrators, and gain full control over the groov View system.
  • Data Breach: Access to sensitive data stored within the groov View system is possible, leading to potential data breaches and regulatory compliance issues.
  • System Disruption: Attackers can modify or delete critical system configurations, leading to system outages and operational disruptions.
  • Lateral Movement: Compromised accounts can be used to gain access to other systems on the network, potentially expanding the scope of the attack.

Mitigation or Patch Steps

To mitigate the risks associated with CVE-2025-13084, it is crucial to take the following steps:

  1. Apply the Patch: Upgrade groov View to the latest version as soon as a patch is released by Opto22. Refer to the official Opto22 advisory (see References) for the specific patched version.
  2. Restrict Access: As a temporary workaround, restrict Editor role access to only the users who absolutely require it. Monitor Editor role activity closely.
  3. Rotate API Keys: If you suspect your system may have been compromised, immediately rotate all API keys within groov View after applying the patch.
  4. Network Segmentation: Implement network segmentation to limit the blast radius of a potential compromise.
  5. Monitoring and Logging: Enhance monitoring and logging of API access to detect suspicious activity.
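A monitoring check in the spirit of steps 3 and 5 above, added here as an example and not part of the original advisory or of Opto22's product: it scans a constructed JSON-lines audit log (the field names are assumed, since groov View's actual log format is not given) for successful /users listings by non-Administrator accounts, and derives the time from which all API keys should be considered exposed, which is the cut-off for key rotation once the patch is applied.

```python
import json
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample audit log (JSON lines). The advisory does not show groov
# View's real log format, so these field names are an assumption.
SAMPLE_LOG = """\
{"ts":"2025-11-20T08:01:12Z","user":"alice","role":"Administrator","method":"GET","path":"/api/v1/users","status":200,"src":"10.0.5.21"}
{"ts":"2025-11-20T08:03:40Z","user":"bob","role":"Editor","method":"GET","path":"/api/v1/pages/7","status":200,"src":"10.0.5.33"}
{"ts":"2025-11-20T08:04:02Z","user":"bob","role":"Editor","method":"GET","path":"/api/v1/users","status":200,"src":"10.0.5.33"}
{"ts":"2025-11-20T08:04:05Z","user":"bob","role":"Editor","method":"GET","path":"/api/v1/users","status":200,"src":"203.0.113.9"}
{"ts":"2025-11-20T08:10:55Z","user":"carol","role":"Viewer","method":"GET","path":"/api/v1/users","status":403,"src":"10.0.5.40"}
"""

ADMIN_ROLES = {"Administrator"}  # roles entitled to list users and their metadata

@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    role: str
    src: str

def is_user_listing(path: str) -> bool:
    """True for the /users listing, with or without an API prefix."""
    return path.rstrip("/").endswith("/users")

def find_exposures(log_text: str) -> List[Finding]:
    """Successful /users listings by non-Administrator accounts. On an unpatched
    system each such response carried every user's API key, so every finding
    marks a point after which all keys must be treated as exposed."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        if not is_user_listing(rec["path"]):
            continue
        if rec["status"] != 200:  # a denied request (403) leaked nothing
            continue
        if rec["role"] in ADMIN_ROLES:
            continue
        findings.append(Finding(rec["ts"], rec["user"], rec["role"], rec["src"]))
    return findings

def earliest_exposure(findings: List[Finding]) -> Optional[datetime]:
    """Timestamp before which every API key should be considered compromised."""
    if not findings:
        return None
    return min(datetime.fromisoformat(f.ts.replace("Z", "+00:00")) for f in findings)
```

Feed the real audit log in place of SAMPLE_LOG; any finding from an off-network source address (such as the 203.0.113.9 entry in the sample) deserves the same incident-response treatment as a confirmed compromise.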

References

CISA CSAF Advisory
CISA ICS Advisory ICSA-25-329-04
Opto22 Knowledge Base Article KB91325

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
