BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·69d ago

OpenCode Systems OC Messaging and USSD Gateway

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. /strong /p p The following versions of OpenCode Systems OC Messaging and USSD Gateway are affected: /p ul li OC Messaging 6.32.2 (CVE-2025-70614) /li li USSD Gateway 6.32.2 (CVE-2025-70614) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 8.1 /td td OpenCode Systems /td td OpenCode Systems OC Messaging and USSD Gateway /td td Improper Access Control /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Communications /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Bulgaria /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-70614 /a /h3 div class= csaf-accordion-content p OpenCode Systems Custom Messaging Gateway 6.32.2 contains a web access vulnerability allowing one authenticated user to gain access to another authenticated user's messages via a crafted identifier parameter. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-70614 View CVE Details /a /p hr h4 Affected Products /h4 h5 OpenCode Systems OC Messaging and USSD Gateway /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br OpenCode Systems /div div class= ics-version strong Product Version: /strong br OpenCode Systems OC Messaging: 6.32.2, OpenCode Systems USSD Gateway: 6.32.2 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br The vulnerability was identified by OpenCode Systems on January 5, 2026 and remediated on January 6, 2026 with the release of version 6.33.11. /p p strong Mitigation /strong br For more information, contact OpenCode: https://opencode.com/about/contact-us br a href= https://opencode.com/about/contact-us https://opencode.com/about/contact-us /a /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/284.html CWE-284 Improper Access Control /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnhead

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-02

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin