Home / Vulnerability Intelligence / CVE-2025-70614

CVE-2025-70614 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 6, 2026

OpenCode Systems OC Messaging / USSD Gateway OC - Broken Access Control

Published: March 5, 2026Updated: March 6, 2026Remote Exploitable

Overview

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability caused by improper validation of company or tenant identifier parameter in the web-based control panel, letting authenticated low-privileged attackers access arbitrary SMS messages.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 2.8%(Probability of exploitation in next 30 days)

Impact

Authenticated low-privileged attackers can access arbitrary SMS messages, leading to sensitive information disclosure.

Mitigation

Update to the latest version.

References

https://gist.github.com/whiteman0007/e02b8cfd6c67ff1eaaf54fba041582a1

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 7, 2026

🟠 CVE-2025-70614 - High (8.1) OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70614/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-70614
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new
EPSS: 2.8%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.8%Probability of exploitation in the next 30 days