PT-2026-23502 · Opencode Systems · Oc Messaging / Ussd Gateway

Published

2026-03-05

Updated

2026-05-06

CVE-2025-70614

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions OpenCode Systems OC Messaging / USSD Gateway version 6.32.2

Description The software contains a flaw in access control within the web-based control panel. An authenticated attacker with limited privileges can access arbitrary SMS messages by manipulating the company or tenant identifier parameter. The vulnerable parameter is company or tenant identifier.

Recommendations Apply any available updates to address the access control issue in the web-based control panel. As a temporary workaround, restrict access to the web-based control panel to only authorized personnel.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-70614

Affected Products

Oc Messaging / Ussd Gateway

PT-2026-23502 · Opencode Systems · Oc Messaging / Ussd Gateway

CVE-2025-70614

Weakness Enumeration

Related Identifiers

Affected Products

References · 7