彙總 opencode 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 SQL 注入與跨站腳本,在 軟體部署與生產負載 使用場景中可能帶來 資料外洩與工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-70614 | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter. | [email protected] | 8.1 | 0.26% | 2026-03-05 | 2026-06-17 |
| CVE-2025-65239 | Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. | [email protected] | 4.3 | 0.25% | 2025-11-26 | 2026-06-17 |
| CVE-2025-65238 | Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information. | [email protected] | 6.5 | 0.29% | 2025-11-26 | 2026-06-17 |
| CVE-2025-65237 | A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload. | [email protected] | 6.1 | 0.23% | 2025-11-26 | 2026-06-17 |
| CVE-2025-65236 | OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint. | [email protected] | 9.8 | 0.39% | 2025-11-26 | 2026-06-17 |
| CVE-2025-65235 | OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function. | [email protected] | 9.8 | 0.38% | 2025-11-26 | 2026-06-17 |