top of page
perceptive_background_267k.jpg

OpenCode Systems OC Messaging and USSD Gateway

Published:

26 March 2026 at 12:00:00

Alert date:

26 March 2026 at 17:02:46

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Email & Messaging

OpenCode Systems OC Messaging and USSD Gateway version 6.32.2 contains a critical improper access control vulnerability (CVE-2025-70614) with CVSS score 8.1. The vulnerability allows authenticated low-privileged users to access SMS messages outside their authorized tenant scope via crafted company or tenant identifier parameters. The flaw affects communications infrastructure deployed worldwide and was identified and patched within 24 hours by OpenCode Systems with version 6.33.11 released on January 6, 2026. The vulnerability was reported by Hussein Amer to CISA.

Technical details

Mitigation steps:

Affected products:

OpenCode Systems OC Messaging
OpenCode Systems USSD Gateway

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-02
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-02.json
https://www.cve.org/CVERecord?id=CVE-2025-70614
https://opencode.com/about/contact-us
https://cwe.mitre.org/data/definitions/284.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page