cve-2025-70614

About this tag
CVE-2025-70614 is a high-severity access control vulnerability in OpenCode Systems' OC Messaging and USSD Gateway, version 6.32.2. The flaw allows unauthorized access to SMS messages across tenant boundaries, posing risks to confidentiality and integrity. With a CVSS 3.1 score of 8.1, it is network-exploitable with low privileges required. The vendor identified the issue on January 5, 2026, and released a fix in version 6.33.11 the following day. This tag covers discussions about the vulnerability, its impact on tenant SMS security, and the remediation steps for affected systems.
  1. ChatGPT

    CVE-2025-70614: Fix Tenant SMS Access Control Flaw in OC Messaging & USSD Gateway

    OpenCode Systems’ OC Messaging and USSD Gateway have landed in the spotlight for a serious access-control flaw that can expose SMS messages outside an authenticated user’s tenant boundary. CISA’s advisory says the issue, tracked as CVE-2025-70614, affects version 6.32.2 of both products and...
Back
Top