Opto 22 groov View Privilege Escalation Vulnerability Exposing API Keys

Vulnerability

A privilege escalation vulnerability has been identified in the Opto 22 groov View API, specifically in the users endpoint. This endpoint, which requires only the Editor role to access, returns a list of all users along with their associated metadata, including each user's API key. Notably, the API keys of Administrator accounts are returned as well, so an Editor can read credentials belonging to a more privileged role. The vulnerability is present in groov View Server for Windows versions 3.3a through 4.5d, as well as GRV-EPIC-PR1 and GRV-EPIC-PR2 firmware versions prior to 4.0.3.
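To make the flaw class concrete, here is an added example (not Opto 22's code, and not the groov View API itself) of a user-listing handler in two forms: a vulnerable form that performs a role check and then serialises the raw user records, API keys included, and a hardened form that builds the response from an explicit allow-list of public fields so that no API key is ever returned in a bulk listing. Role names, record fields, the sample user store and the placeholder key values are all constructed for this example; the `leaked_admin_keys` helper is an audit check a defender can run over a captured response body.

```python
"""Field-level redaction for a user-listing endpoint (added example).

Two versions of the same handler illustrate the weakness described in the
advisory: a role check alone does not prevent excessive data exposure if the
response body is the raw record. Everything below is constructed for the
example; it is not the vendor's code.
"""
from dataclasses import dataclass, asdict

# Constructed role ordering: higher rank means more privilege.
ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}


@dataclass(frozen=True)
class User:
    username: str
    role: str
    api_key: str  # secret; must never leave the server in a bulk listing


# Constructed sample store; the keys are placeholders, not real credentials.
USERS = [
    User("alice", "admin", "AK-ADMIN-PLACEHOLDER-0001"),
    User("bob", "editor", "AK-EDITOR-PLACEHOLDER-0002"),
    User("carol", "viewer", "AK-VIEWER-PLACEHOLDER-0003"),
]


class Forbidden(Exception):
    """Raised when the caller's role is below the endpoint's minimum."""


def _require_role(caller_role: str, minimum: str) -> None:
    if ROLE_RANK.get(caller_role, -1) < ROLE_RANK[minimum]:
        raise Forbidden(f"role {caller_role!r} may not list users")


def list_users_vulnerable(caller_role: str) -> list:
    """Role check only; the body is the raw record, secrets and all."""
    _require_role(caller_role, "editor")
    return [asdict(u) for u in USERS]


# Allow-list of fields that may appear in a listing. New secret fields added
# to User later are excluded by default instead of leaking by default.
PUBLIC_FIELDS = ("username", "role")


def list_users_hardened(caller_role: str) -> list:
    """Same role check, but the response is built from PUBLIC_FIELDS only."""
    _require_role(caller_role, "editor")
    return [{f: getattr(u, f) for f in PUBLIC_FIELDS} for u in USERS]


def leaked_admin_keys(response: list) -> list:
    """Audit helper: admin API keys present in a listing response body."""
    return [
        r["api_key"]
        for r in response
        if r.get("role") == "admin" and "api_key" in r
    ]


if __name__ == "__main__":
    print("vulnerable:", leaked_admin_keys(list_users_vulnerable("editor")))
    print("hardened:  ", leaked_admin_keys(list_users_hardened("editor")))
```

The design point is that the hardened handler uses an allow-list rather than stripping a known secret field: any attribute added to the record later stays out of the listing unless someone deliberately publishes it. The same audit helper, pointed at a real response captured from a test instance, is a quick way to confirm whether a given build still returns keys to Editor-level callers.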

Impact

Exploitation of this vulnerability could lead to unauthorized access to API keys. Because the listing includes Administrator keys, an authenticated user holding only the Editor role could obtain an Administrator's credential and use it to act with Administrator privileges, resulting in credential and key exposure and privilege escalation.

Remediation

Opto 22 has released a patch for this vulnerability. Users are advised to upgrade to groov View Server for Windows version 4.5e and GRV-EPIC firmware version 4.0.3. Additional information can be found on the Opto 22 website.

Added: Nov 26, 2025, 6:24 PM
Updated: Nov 26, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.