CVE-2025-13084

The users endpoint in the groov View API returns a list of all users and
 associated metadata including their API keys. This endpoint requires an
 Editor role to access and will display API keys for all users, 
including Administrators.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
icscertCNA
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04
https://www.opto22.com/support/resources-tools/knowledgebase/kb91325