CVE-2025-65235 identifies a SQL injection vulnerability in OpenCode Systems USSD Gateway OC Release 5 Version 6.13.11. The vulnerability exists in the getSubUsersByProvider function, specifically through the ID parameter, which fails to properly sanitize user input before incorporating it into SQL queries. This flaw allows an attacker to inject arbitrary SQL commands, potentially enabling unauthorized access to sensitive data, modification or deletion of database records, or escalation of privileges within the application. USSD gateways are critical components in telecom infrastructure, facilitating communication between mobile devices and service providers. The affected version, while not explicitly detailed beyond 6.13.11, suggests that systems running this release are vulnerable until patched. No CVSS score has been assigned yet, and no exploits have been observed in the wild, but the nature of SQL injection vulnerabilities typically allows relatively straightforward exploitation. Attackers may exploit this vulnerability remotely by sending crafted requests to the vulnerable endpoint, possibly without requiring authentication depending on the gateway’s configuration. The lack of patch links indicates that a fix may not yet be publicly available, increasing the urgency for organizations to implement compensating controls. The vulnerability’s impact can extend beyond data confidentiality to affect integrity and availability if attackers manipulate or delete critical data. Given the role of USSD gateways in telecom operations, exploitation could disrupt services or leak subscriber information. This vulnerability underscores the importance of secure coding practices, input validation, and timely patch management in telecom software.

For European organizations, especially telecom operators and mobile service providers using OpenCode Systems USSD Gateway OC Release 5 Version 6.13.11, this vulnerability poses a significant risk. Exploitation could lead to unauthorized disclosure of subscriber data, manipulation of user records, or disruption of USSD-based services, which are often used for mobile banking, balance inquiries, and service activation. Such breaches could result in regulatory penalties under GDPR due to exposure of personal data, reputational damage, and financial losses. The disruption of USSD services could also impact customer experience and trust. Given the critical role of USSD gateways in telecom infrastructure, successful exploitation might cascade into broader network issues or service outages. The absence of known exploits suggests a window of opportunity for defenders to remediate before active attacks occur, but also means attackers could develop exploits rapidly once the vulnerability is public. Organizations lacking robust monitoring or input validation are at higher risk. The impact extends to confidentiality, integrity, and availability of telecom services and subscriber data, making this a high-risk vulnerability for European telecom entities.

1. Monitor OpenCode Systems communications for official patches addressing CVE-2025-65235 and apply them immediately upon release. 2. Implement strict input validation and sanitization on the ID parameter in the getSubUsersByProvider function to prevent injection of malicious SQL code. 3. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the vulnerable endpoint. 4. Restrict database user permissions to the minimum necessary, limiting the potential damage from successful injection attacks. 5. Conduct thorough code reviews and penetration testing focusing on input handling in USSD gateway components. 6. Enable detailed logging and real-time monitoring of USSD gateway access to detect anomalous activities indicative of exploitation attempts. 7. Segment the USSD gateway network components to limit lateral movement in case of compromise. 8. Educate development and operations teams on secure coding practices and the risks of SQL injection vulnerabilities. 9. Prepare incident response plans specific to telecom infrastructure breaches to ensure rapid containment and recovery. 10. Consider temporary mitigation by disabling or restricting access to the vulnerable function if feasible until a patch is applied.