Remote Code Execution Vulnerability in Opto22 Groov Manage API on GRV-EPIC and groov RIO Products
CVE-2025-13087
7.5 HIGH
What is CVE-2025-13087?
A security vulnerability has been identified in the Opto22 Groov Manage REST API that affects GRV-EPIC and groov RIO products. It is triggered by a POST request to a specific endpoint, where header information is processed unsafely. An attacker who already holds administrative access can use this to execute arbitrary commands as root, fully compromising the affected device. Users of these products should assess their exposure (in particular, whether the Groov Manage API is reachable from untrusted networks) and apply the available mitigations.
Affected Version(s)
groov RIO GRV-R7-I1VAPM-3: all versions prior to 4.0.3
groov RIO GRV-R7-MM1001-10: all versions prior to 4.0.3
groov RIO GRV-R7-MM2001-10: all versions prior to 4.0.3
References
CVSS v4
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nik Tsytsarkin of Meta reported this vulnerability to CISA.
Ismail Aydemir of Meta reported this vulnerability to CISA.
Ryan Hall of Meta reported this vulnerability to CISA.
