CVE-2025-65238

6.5 MEDIUM

📋 TL;DR

This vulnerability allows low-privileged authenticated attackers in OpenCode Systems USSD Gateway to bypass access controls and dump user records containing sensitive information. It affects organizations running the vulnerable version of the USSD Gateway software for mobile communication services.

💻 Affected Systems

Products:
  • OpenCode Systems USSD Gateway
Versions: OC Release: 5 Version 6.13.11
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the getSubUsersByProvider function specifically. Requires attacker to have some level of authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could exfiltrate all user records, including personally identifiable information, authentication credentials, and sensitive communication data, leading to data breaches, identity theft, and regulatory violations.

🟠

Likely Case

Low-privilege users or compromised accounts could access and steal sensitive user information from the system, potentially exposing customer data and violating privacy regulations.

🟢

If Mitigated

With proper access controls and monitoring, unauthorized access attempts would be blocked and logged, limiting exposure to attempted intrusions only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but only with low privileges. Public technical details are available in the referenced blog posts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor OpenCode Systems for security updates and apply when released.

🔧 Temporary Workarounds

Implement strict access controls

Applies to: all

Add additional authorization checks to the getSubUsersByProvider function to verify user permissions before allowing access to sensitive data.

Network segmentation

Applies to: all

Restrict network access to the USSD Gateway to trusted internal networks only and implement firewall rules to limit exposure.

🧯 If You Can't Patch

  • Implement application-level monitoring and alerting for unauthorized access attempts to the getSubUsersByProvider function
  • Apply principle of least privilege to all user accounts and regularly audit access permissions

🔍 How to Verify

Check if Vulnerable:

Check whether the OpenCode USSD Gateway is running version 6.13.11. Test whether low-privilege users can call the getSubUsersByProvider function and retrieve user records that should not be visible to them.

Check Version:

Check application configuration files or administrative interface for version information

Verify Fix Applied:

After implementing workarounds, test with low-privilege accounts to ensure they cannot access sensitive user data through the vulnerable function.

📡 Detection & Monitoring

Log Indicators:

  • Multiple unauthorized access attempts to getSubUsersByProvider function
  • Unusual data retrieval patterns from user databases
  • Access logs showing low-privilege users accessing sensitive endpoints

Network Indicators:

  • Unusual outbound data transfers from USSD Gateway servers
  • Suspicious API calls to user data endpoints

SIEM Query:

source="ussd_gateway" AND (event="getSubUsersByProvider" OR endpoint="/api/users") AND user_role="low_privilege" AND result="success"
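The SIEM query above expresses the detection idea in one line; the script below is an added example (not OpenCode Systems code and not taken from the original page) that applies the same logic to gateway audit logs offline. It assumes a log format of one JSON object per line with `user`, `role`, `event`, `result` and `records` fields, and an assumed authorization policy in `AUTHORIZED_ROLES`; the sample lines are constructed. It flags every successful getSubUsersByProvider call by a role outside the policy, counts repeated hits per user, and separately reports denied attempts so that blocked probing is also visible.

```python
"""Detection example for the access-control issue in getSubUsersByProvider.

Added example, not the vendor's code. The log format is an assumption
(one JSON object per line); adapt the field names to the real audit log.
"""
import json
from collections import Counter

# Roles permitted to call the sensitive function (assumed policy).
AUTHORIZED_ROLES = {"admin", "provider_admin"}
SENSITIVE_EVENTS = {"getSubUsersByProvider"}
BURST_THRESHOLD = 3  # repeated successful calls by one low-privilege user

# Constructed sample audit lines; not real gateway output.
SAMPLE_LOG = """\
{"ts":"2025-11-01T10:00:01Z","user":"admin1","role":"admin","event":"getSubUsersByProvider","result":"success","records":120}
{"ts":"2025-11-01T10:00:05Z","user":"agent7","role":"agent","event":"sendUssd","result":"success","records":0}
{"ts":"2025-11-01T10:00:09Z","user":"agent7","role":"agent","event":"getSubUsersByProvider","result":"success","records":450}
{"ts":"2025-11-01T10:00:12Z","user":"agent7","role":"agent","event":"getSubUsersByProvider","result":"success","records":450}
{"ts":"2025-11-01T10:00:15Z","user":"agent7","role":"agent","event":"getSubUsersByProvider","result":"success","records":450}
{"ts":"2025-11-01T10:00:20Z","user":"agent9","role":"agent","event":"getSubUsersByProvider","result":"denied","records":0}
not a json line
"""


def parse_line(line):
    """Parse one audit line; malformed lines are skipped rather than crashing the scan."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def find_violations(log_text):
    """Return (user, event, records) for each successful sensitive call by an unauthorized role."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec.get("event") in SENSITIVE_EVENTS
                and rec.get("result") == "success"
                and rec.get("role") not in AUTHORIZED_ROLES):
            hits.append((rec.get("user"), rec["event"], rec.get("records", 0)))
    return hits


def find_denied_attempts(log_text):
    """Return users whose calls to the sensitive function were denied (blocked probing)."""
    users = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("event") in SENSITIVE_EVENTS and rec.get("result") == "denied":
            users.add(rec.get("user"))
    return sorted(users)


def users_over_threshold(hits, threshold=BURST_THRESHOLD):
    """Users with at least `threshold` successful unauthorized calls, sorted by name."""
    counts = Counter(user for user, _, _ in hits)
    return sorted(u for u, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    hits = find_violations(SAMPLE_LOG)
    for user, event, records in hits:
        print(f"ALERT unauthorized success: user={user} event={event} records={records}")
    print("repeated offenders:", users_over_threshold(hits))
    print("denied attempts by:", find_denied_attempts(SAMPLE_LOG))
```

The `records` field is carried into each alert because a successful call returning hundreds of rows to a non-administrative role is the dump scenario described in the worst case above; tuning `AUTHORIZED_ROLES` to the deployment's real role names is the only change needed before running this against exported logs.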

🔗 References
