CVE-2025-65235

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in OpenCode Systems USSD Gateway allows attackers to execute arbitrary SQL commands via the ID parameter in the getSubUsersByProvider function. This could lead to data theft, modification, or deletion, and potentially full system compromise. Organizations running the affected version of the USSD Gateway are at risk.

💻 Affected Systems

Products:
  • OpenCode Systems USSD Gateway
Versions: OC Release: 5 Version 6.13.11
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default configuration via the ID parameter in getSubUsersByProvider function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, remote code execution, and full system takeover.

🟠 Likely Case

Unauthorized access to sensitive user data, modification of USSD service configurations, and potential service disruption.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized, and public references exist demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

1. Check vendor website for security updates
2. Apply any available patches
3. Verify fix implementation

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Implement strict input validation and parameterized queries for the ID parameter.

Web Application Firewall Rules (applies to: all)

Deploy WAF rules to block SQL injection patterns targeting the getSubUsersByProvider endpoint.
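The following is an added example, not code from OpenCode Systems or from the USSD Gateway, showing what the first workaround looks like in practice: an allow-list check that accepts only a decimal integer for the ID parameter, followed by a parameterized query so the value is bound rather than concatenated into SQL. The table name, columns, and sample rows are constructed assumptions; the advisory names only the getSubUsersByProvider function and its ID parameter.

```python
import re
import sqlite3

# Constructed in-memory schema standing in for the gateway's database.
# Table and column names are assumptions made for this example.
_SCHEMA = """
CREATE TABLE sub_users (id INTEGER PRIMARY KEY, provider_id INTEGER, name TEXT);
INSERT INTO sub_users VALUES (1, 7, 'alice'), (2, 7, 'bob'), (3, 9, 'carol');
"""

# Allow-list: a provider ID is a short run of decimal digits and nothing else.
_ID_RE = re.compile(r"^[0-9]{1,10}$")


def open_demo_db():
    """Create the constructed demo database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SCHEMA)
    return conn


def validate_provider_id(raw):
    """Reject anything that is not a plain decimal integer (letters, quotes,
    spaces, comment sequences) before it reaches the database layer."""
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise ValueError("provider ID must be a decimal integer")
    return int(raw)


def is_valid_provider_id(raw):
    """Boolean form of the same check, convenient for request filters."""
    try:
        validate_provider_id(raw)
        return True
    except ValueError:
        return False


def get_sub_users_by_provider(conn, raw_id):
    """Hardened lookup (hypothetical name mirroring the advisory): the
    validated integer is bound as a query parameter, so the database
    driver never interprets the caller's input as SQL."""
    provider_id = validate_provider_id(raw_id)
    rows = conn.execute(
        "SELECT id, name FROM sub_users WHERE provider_id = ? ORDER BY id",
        (provider_id,),
    ).fetchall()
    return [{"id": r[0], "name": r[1]} for r in rows]


if __name__ == "__main__":
    db = open_demo_db()
    print(get_sub_users_by_provider(db, "7"))
    for bad in ("7'", "7 OR 1=1", "abc", ""):
        print(f"{bad!r} accepted: {is_valid_provider_id(bad)}")
```

Both layers matter: the allow-list keeps malformed input from reaching the database at all, and the bound parameter means that even a value which slips past validation in some other code path is treated as data, not as part of the statement.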

🧯 If You Can't Patch

  • Implement network segmentation to isolate the USSD Gateway from critical systems
  • Deploy intrusion detection systems and monitor for SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Test the getSubUsersByProvider endpoint with SQL injection payloads in the ID parameter

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Verify that parameterized queries are implemented and SQL injection attempts are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed authentication attempts
  • Unexpected database access patterns

Network Indicators:

  • SQL keywords in HTTP requests to getSubUsersByProvider endpoint
  • Unusual database connection patterns

SIEM Query:

search 'SQL' OR 'UNION' OR 'SELECT' in web request logs targeting getSubUsersByProvider
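As an added example (not part of the original advisory), the SIEM query above can be made concrete as a small scanner over web-server access logs: it only looks at requests whose path contains getSubUsersByProvider, URL-decodes the ID parameter, and raises an alert when the value is not a plain decimal integer, grading it high when SQL keywords or metacharacters are present. The log lines, the /ussd/getSubUsersByProvider path and the query-string spelling of the ID parameter are constructed assumptions; the real request format on a deployed gateway may differ.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /ussd/getSubUsersByProvider?ID=7 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /ussd/getSubUsersByProvider?ID=7%27%20OR%201%3D1-- HTTP/1.1" 200 9031
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /ussd/getSubUsersByProvider?ID=7%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 233
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /ussd/status?q=select HTTP/1.1" 200 100
10.0.0.7 - - [01/Jan/2025:10:00:05 +0000] "GET /ussd/getSubUsersByProvider?ID=12abc HTTP/1.1" 400 40
"""

# Combined-log-format request line: client IP, timestamp, method, target, status, size.
REQ_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# SQL keywords and metacharacters that have no business in a numeric ID.
SQL_TOKENS = re.compile(r'''(?i)\b(union|select|insert|update|delete|drop|or|and)\b|['";]|--|/\*''')
DECIMAL_RE = re.compile(r"^[0-9]{1,10}$")


def extract_id(target):
    """Return the decoded ID parameter for requests to the vulnerable
    endpoint, "" if the endpoint was hit without an ID, or None for
    requests to other paths (which this scanner ignores)."""
    path, _, query = target.partition("?")
    if "getsubusersbyprovider" not in path.lower():
        return None
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() == "id":
            return unquote_plus(value)
    return ""


def scan_log(text):
    """Yield one alert per request whose ID is not a plain decimal integer."""
    alerts = []
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        raw_id = extract_id(m.group("target"))
        if raw_id is None or DECIMAL_RE.fullmatch(raw_id):
            continue
        alerts.append({
            "ip": m.group("ip"),
            "status": int(m.group("status")),
            "id": raw_id,
            # Metacharacters or SQL keywords: high. Merely malformed: low.
            "severity": "high" if SQL_TOKENS.search(raw_id) else "low",
        })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Scoping the keyword match to the decoded ID value of the affected endpoint, rather than grepping the whole request line, is what keeps the rule from firing on unrelated paths such as the /ussd/status line in the sample; pairing the alert with the response status and size also helps separate a rejected attempt (4xx, small body) from one that returned data.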
