CVE-2025-13087

HIGH EPSS 92.7%

Published Nov 20, 20257mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 4.0

High

Published Nov 20, 2025 7mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.

CVSS Details

Base Score

7.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

92.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

References 3

github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.json
cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-25-324-03
opto22.com https://www.opto22.com/support/resources-tools/knowledgebase/kb91326

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.