exploitDog

CVE-2025-65238

Опубликовано: 26 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.

Ссылки

https://eslam3kl.gitbook.io
Not Applicable
https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65238-ussd-gateway-broken-access-control-sessions
Exploit
Third Party Advisory
https://github.com/eslam3kl
Not Applicable
https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65238-ussd-gateway-broken-access-control-sessions
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencode:ussd_gateway:6.13.11:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00034

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-q3m5-g9pg-7793

CVSS3: 6.5

github

2 месяца назад

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.

EPSS

Процентиль: 10%

0.00034

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284