Remote File Upload Vulnerability in SS1 Product by Dos Osaka
CVE-2025-54762

9.3CRITICAL

Key Information:

Vendor: Dos Co., Ltd.
Status: Ss1
Vendor: CVE Published:; 28 August 2025

🔔 Create Dos Co., Ltd. Vulnerability Alert

What is CVE-2025-54762?

The vulnerability in Dos Osaka's SS1 product allows remote unauthenticated attackers to leverage file upload capabilities to execute arbitrary OS commands with SYSTEM-level privileges. This poses a substantial security risk, enabling potential takeover of the affected system.

Affected Version(s)

SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Windows environment only)

References

https://www.dos-osaka.co.jp/news/2025/08/250827.html

https://jvn.jp/en/jp/JVN99577552/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Aug 25, 2025