Path Traversal Vulnerability in SS1 by Dos Osaka
CVE-2025-58072

8.7HIGH

Key Information:

Vendor: Dos Co., Ltd.
Status: Ss1; Ss1 Cloud
Vendor: CVE Published:; 28 August 2025

🔔 Create Dos Co., Ltd. Vulnerability Alert

What is CVE-2025-58072?

An improper limitation of a pathname to a restricted directory issue exists in SS1 versions 16.0.0.10 and earlier. This vulnerability can allow a remote unauthenticated attacker to exploit the system and access arbitrary files, potentially leading to exposure of sensitive data.

Affected Version(s)

SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)

SS1 Cloud Ver.2.1.3 and earlier (Affected under MacOS environment only)

References

https://www.dos-osaka.co.jp/news/2025/08/250827.html

https://jvn.jp/en/jp/JVN99577552/

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Aug 25, 2025