CVE-2025-13087 | Opto22 groov RIO GRV-R7-I1VAPM-3 up to 4.0.2 REST API os command injection (icsa-25-324-03)

November 21, 2025 Yanac

A vulnerability has been found in Opto22 GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO GRV-R7-MM1001-10, groov RIO GRV-R7-MM2001-10 and groov RIO GRV-R7-I1VAPM-3 up to 4.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component REST API. This manipulation causes os command injection.

This vulnerability is handled as CVE-2025-13087. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More