JVN#99577552
Multiple vulnerabilities in SS1
Overview
SS1 provided by DOS Co., Ltd. contains multiple vulnerabilities.
Products Affected
CVE-2025-46409, CVE-2025-52460, CVE-2025-53396, CVE-2025-53970, CVE-2025-54762, CVE-2025-54819, CVE-2025-58072, CVE-2025-58081
- SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)
- SS1 Cloud Ver.2.1.3 and earlier
CVE-2025-52460, CVE-2025-53970, and CVE-2025-54762 affect Windows environments only.
CVE-2025-53396, CVE-2025-58072, and CVE-2025-58081 affect macOS environments only.
Description
SS1 provided by DOS Co., Ltd. contains the multiple vulnerabilities listed below.
- Inadequate encryption strength (CWE-326)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
  - CVE-2025-46409
- Files or directories accessible to external parties (CWE-552)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
  - CVE-2025-52460
- Incorrect permission assignment for critical resource (CWE-732)
  - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.3
  - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.0
  - CVE-2025-53396
- Unrestricted upload of file with dangerous type (CWE-434)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
  - CVE-2025-53970, CVE-2025-54762
- Path traversal (CWE-22)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 7.1
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Base Score 6.5
  - CVE-2025-54819
- Path traversal (CWE-22)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
  - CVE-2025-58072
- Use of hard-coded password (CWE-259)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
  - CVE-2025-58081
Impact
- A function that requires authentication may be accessed by a remote attacker (CVE-2025-46409)
- Uploaded files and SS1 configuration files may be accessed by a remote attacker (CVE-2025-52460)
- Root privileges may be obtained by users who can log in to a client terminal (CVE-2025-53396)
- Arbitrary files may be uploaded and arbitrary OS commands may be executed with SYSTEM privileges (CVE-2025-53970, CVE-2025-54762)
- Legitimate files may be overwritten by a remote attacker (CVE-2025-54819)
- Arbitrary files may be viewed by a remote attacker (CVE-2025-58072)
- Arbitrary files may be viewed with root privileges by a remote attacker (CVE-2025-58081)
Solution
Update the software
Update software to the latest version according to the information provided by the developer.
Vendor Status
Vendor: DOS Co., Ltd.
Link: Notification of Vulnerabilities in SS1 and SS1 Cloud (Text in Japanese)
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2025-46409, CVE-2025-52460, CVE-2025-53970, CVE-2025-54762, CVE-2025-54819
Ruslan Sayfiev, Denis Faiustov and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-53396, CVE-2025-58072, CVE-2025-58081
Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
CVE: CVE-2025-46409, CVE-2025-52460, CVE-2025-53396, CVE-2025-53970, CVE-2025-54762, CVE-2025-54819, CVE-2025-58072, CVE-2025-58081
JVN iPedia: JVNDB-2025-000064