CVE-2025-13084

Sažetak

The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.

Reference

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04
https://www.opto22.com/support/resources-tools/knowledgebase/kb91325

CVSS

Base:	7.6
Impact:	4.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Zadnje važnije ažuriranje

26-11-2025 - 18:15

Objavljeno

26-11-2025 - 18:15