CVE-2025-13084 HIGH

CVE-2025-13084: Opto 22 groov View Exposure of Sensitive Information Through Metadata

Vendor Opto 22
Product groov View Server
Weakness CWE-1230
Published November 26, 2025
Last update November 26, 2025

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.

Key dates

02Disclosure timeline

November 26, 2025 CVE published
November 26, 2025 Record updated