CVE-2025-65238: USSD Gateway Broken Access Control - Sessions Description CVE ID: CVE-2025-65238 Vuln Type: Broken Access Control Affected Application: USSD Gateway Vendor: OpenCode Systems CVSS Link: CVE-2025-65238 Application Details Name: USSD Gateway Vendor: OpenCode Systems Version: OC Release 5 - Version 6.13.11 Technical Details Vulnerable Endpoint: Exploitation Impact: Allows low-privileged users to enumerate all application sessions by inserting the account ID of the user. Exploit Method: - POST Request to - Example Data: - Response: - Additional Note: Users can enumerate different user accounts, including super users, by changing the user ID.