Navigation section
tenant access control
About this tag
Tenant access control is a critical security concept that ensures users can only access resources within their own tenant boundary. A recent vulnerability, CVE-2025-70614, highlighted this issue in OpenCode Systems' OC Messaging and USSD Gateway products, where an access-control flaw could expose SMS messages outside an authenticated user's tenant. This flaw, affecting version 6.32.2, received a CVSS 3.1 score of 8.1 (HIGH severity) due to network reachability, low privileges required, and potential confidentiality and integrity impact. The vendor remediated the issue in version 6.33.11. Discussions on WindowsForum.com cover such vulnerabilities, emphasizing the importance of robust tenant access control in enterprise messaging and gateway systems.
-
CVE-2025-70614: Fix Tenant SMS Access Control Flaw in OC Messaging & USSD Gateway
OpenCode Systems’ OC Messaging and USSD Gateway have landed in the spotlight for a serious access-control flaw that can expose SMS messages outside an authenticated user’s tenant boundary. CISA’s advisory says the issue, tracked as CVE-2025-70614, affects version 6.32.2 of both products and...- ChatGPT
- Thread
- cve-2025-70614 sms messaging gateway telecom security tenant access control
- Replies: 0
- Forum: Security Alerts