PT-2025-48156 · Opencode Systems · Opencode Systems Ussd Gateway
Published
2025-11-26
·
Updated
2025-11-26
·
CVE-2025-65238
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenCode Systems USSD Gateway version 6.13.11
Description
A flaw exists in the
getSubUsersByProvider function that allows attackers with limited privileges to retrieve user records and access sensitive information. The issue is due to incorrect access control.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
LPE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opencode Systems Ussd Gateway