CVE-2025-54819
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-08-29

Assigner: JPCERT/CC

Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54819
EUVD
EUVD-2025-26063
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dos ss1 16.0.0.10
dos ss1_cloud 2.1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54819 is a path traversal vulnerability in SS1 software (including SS1 Cloud) that allows a remote attacker to overwrite legitimate files on the system by exploiting insufficient validation of file paths. This means an attacker can manipulate file path inputs to access and replace files outside the intended restricted directories. [2]

Impact Analysis

If exploited, this vulnerability can allow a remote attacker to overwrite legitimate files on your system, potentially leading to system compromise or disruption. This could affect the stability, security, and reliability of your system or application running SS1. [2]

Mitigation Strategies

To mitigate this vulnerability, you should update SS1 software to the latest patched versions provided by DOS Co., Ltd. Users with maintenance contracts can access updates via the "CLUB SS1" website, and SS1 Cloud administrators should update through the management site. Applying these patches addresses the path traversal vulnerability and related security issues. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54819. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart