CVE-2025-70614

High CVSS: 8.1

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter.

Vendor

Product

CWE

CWE-284

Yayın Tarihi

2026-03-05 21:16:13

Güncelleme

2026-03-09 13:36:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 HIGH 2026

Referanslar

https://gist.github.com/whiteman0007/e02b8cfd6c67ff1eaaf54fba041582a1