CVE-2025-65239

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-11-26

Last updated on: 2025-12-30

Assigner: MITRE

Description

Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-11-26

Last Modified

2025-12-30

Generated

2026-06-16

AI Q&A

2025-11-26

EPSS Evaluated

2026-06-14

NVD

CVE-2025-65239

EUVD

EUVD-2025-199725

Affected Vendors & Products

Vendor	Product	Version / Range
opencode	ussd_gateway	6.13.11

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-284	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

Executive Summary

This vulnerability is an incorrect access control issue in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11. It allows attackers who have low-level privileges to read server logs, which they should not normally be able to access.

Impact Analysis

The vulnerability can impact you by allowing attackers with low-level privileges to access sensitive server logs. This could lead to exposure of sensitive information contained in the logs, potentially aiding further attacks or information leakage.

Hi! I’m here to help you understand CVE-2025-65239. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-65239

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart