Medium severity6.2NVD Advisory· Published Nov 20, 2025· Updated Apr 15, 2026

CVE-2025-13087

Description

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-03.jsonnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-324-03nvd
www.opto22.com/support/resources-tools/knowledgebase/kb91326nvd

News mentions

No linked articles in our index yet.

cvss	0.403
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000