CVE-2025-65239

MEDIUM · CVSS 3.1: 4.3 · EPSS 16.3%
Published Nov 26, 2025 (7mo ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.

CVSS Details

Base Score: 4.3
Exploitability: 2.8
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 16.3% percentile
Exploit & Patch Status: Public Exploit Known, No Patch Available

Weaknesses 1

CWE-284

Affected Products 1

Vendor      Product         Version    Range
opencode    ussd_gateway    6.13.11    any

References 3

  • https://eslam3kl.gitbook.io
    Not Applicable
  • https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65239-ussd-gateway-broken-access-control-logs
    Exploit, Third Party Advisory
  • https://github.com/eslam3kl
    Not Applicable

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.