CVE-2025-54819
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-08-29
Assigner: JPCERT/CC
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dos | ss1 | 16.0.0.10 |
| dos | ss1_cloud | 2.1.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54819 is a path traversal vulnerability in SS1 software (including SS1 Cloud) that allows a remote attacker to overwrite legitimate files on the system by exploiting insufficient validation of file paths. This means an attacker can manipulate file path inputs to access and replace files outside the intended restricted directories. [2]
How can this vulnerability impact me?
If exploited, this vulnerability can allow a remote attacker to overwrite legitimate files on your system, potentially leading to system compromise or disruption. This could affect the stability, security, and reliability of your system or application running SS1. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update SS1 software to the latest patched versions provided by DOS Co., Ltd. Users with maintenance contracts can access updates via the "CLUB SS1" website, and SS1 Cloud administrators should update through the management site. Applying these patches addresses the path traversal vulnerability and related security issues. [1, 2]