Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2025-13087

A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.

Published: Nov 20, 2025
Updated: Nov 21, 2025
CVE: CVE-2025-13087
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo