Multiple vulnerabilities in DOS Co. SS1 and SS1 Cloud
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2025-46409 CVE-2025-52460 CVE-2025-53396 CVE-2025-53970 CVE-2025-54762 CVE-2025-54819 CVE-2025-58072 CVE-2025-58081 |
| CWE-ID | CWE-326 CWE-552 CWE-732 CWE-434 CWE-22 CWE-259 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SS1 Server applications / Remote management servers, RDP, SSH SS1 Cloud Server applications / Database software |
| Vendor | DOS Co |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Inadequate Encryption Strength
EUVDB-ID: #VU115207
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-46409
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a inadequate encryption strength. A remote attacker can gain access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
CPE2.3 External linkshttps://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Files or Directories Accessible to External Parties
EUVDB-ID: #VU115208
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-52460
CWE-ID:
CWE-552 - Files or Directories Accessible to External Parties
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the files or directories accessible to external parties. A remote attacker can gain access to uploaded files and SS1 configuration files.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
SS1 Cloud: 2.1.3 and previous versions
CPE2.3- cpe:2.3:a:dos_co:ss1:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1:16.0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:2.1.3:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect permission assignment for critical resource
EUVDB-ID: #VU115209
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-53396
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect permission assignment for critical resource. A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
CPE2.3 External linkshttps://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Arbitrary file upload
EUVDB-ID: #VU115210
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-53970
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
SS1 Cloud: 2.1.3 and previous versions
CPE2.3- cpe:2.3:a:dos_co:ss1:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1:16.0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:2.1.3:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Arbitrary file upload
EUVDB-ID: #VU115211
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-54762
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
CPE2.3 External linkshttps://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Path traversal
EUVDB-ID: #VU115212
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-54819
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and overwrite arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
SS1 Cloud: 2.1.3 and previous versions
CPE2.3- cpe:2.3:a:dos_co:ss1:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1:16.0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:2.1.3:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Path traversal
EUVDB-ID: #VU115213
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-58072
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
SS1 Cloud: 2.1.3 and previous versions
CPE2.3- cpe:2.3:a:dos_co:ss1:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1:16.0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:dos_co:ss1_cloud:2.1.3:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of Hard-coded Password
EUVDB-ID: #VU115214
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-58081
CWE-ID:
CWE-259 - Use of Hard-coded Password
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use a hard-coded password. A remote attacker can gain access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSS1: 16.0.0.10 and previous versions
CPE2.3 External linkshttps://jvn.jp/en/jp/JVN99577552/
https://www.dos-osaka.co.jp/news/2025/08/250827.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
