You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-70614
About this tag
CVE-2025-70614 is a high-severity access control vulnerability in OpenCode Systems' OC Messaging and USSD Gateway, version 6.32.2. The flaw allows unauthorized access to SMS messages across tenant boundaries, posing risks to confidentiality and integrity. With a CVSS 3.1 score of 8.1, it is network-exploitable with low privileges required. The vendor identified the issue on January 5, 2026, and released a fix in version 6.33.11 the following day. This tag covers discussions about the vulnerability, its impact on tenant SMS security, and the remediation steps for affected systems.
OpenCode Systems’ OC Messaging and USSD Gateway have landed in the spotlight for a serious access-control flaw that can expose SMS messages outside an authenticated user’s tenant boundary. CISA’s advisory says the issue, tracked as CVE-2025-70614, affects version 6.32.2 of both products and...