OpenCode Systems OCC Messaging/ USSD Gateway: Unprivileged Access to SMS Messages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

OpenCode Systems OCC Messaging/ USSD Gateway: Unprivileged Access to SMS Messages

CVE-2025-70614

Summary

The OpenCode Systems OCC Messaging/ USSD Gateway web-based control panel has a security weakness that allows attackers who have already been authenticated to gain access to any SMS messages, regardless of their privileges. This could lead to unauthorized access to sensitive information. To protect your data, update to the latest version of the software as soon as possible.

Original title

Original description

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter.

nvd CVSS3.1 8.1

Vulnerability type

CWE-284 Improper Access Control

https://gist.github.com/whiteman0007/e02b8cfd6c67ff1eaaf54fba041582a1

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026