Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
18 vulnerabilities found for SS1 by DOS Co., Ltd.
CVE-2025-58081 (GCVE-0-2025-58081)
Vulnerability from nvd – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:43
VLAI?
Summary
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges.
Severity ?
CWE
- CWE-259 - Use of hard-coded password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:42:28.909872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:43:05.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of hard-coded password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:38.426Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58081",
"datePublished": "2025-08-28T08:28:38.426Z",
"dateReserved": "2025-08-25T06:42:29.610Z",
"dateUpdated": "2025-08-28T13:43:05.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58072 (GCVE-0-2025-58072)
Vulnerability from nvd – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:44
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:43:47.204556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:44:05.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:33.132Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58072",
"datePublished": "2025-08-28T08:28:33.132Z",
"dateReserved": "2025-08-25T06:42:28.664Z",
"dateUpdated": "2025-08-28T13:44:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54819 (GCVE-0-2025-54819)
Vulnerability from nvd – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:45
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:44:51.038559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:45:19.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:24.751Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54819",
"datePublished": "2025-08-28T08:28:24.751Z",
"dateReserved": "2025-08-25T06:42:33.576Z",
"dateUpdated": "2025-08-28T13:45:19.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54762 (GCVE-0-2025-54762)
Vulnerability from nvd – Published: 2025-08-28 08:28 – Updated: 2025-08-28 14:12
VLAI?
Summary
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Windows environment only)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:11:03.816088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:12:10.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted upload of file with dangerous type",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:14.302Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54762",
"datePublished": "2025-08-28T08:28:14.302Z",
"dateReserved": "2025-08-25T06:42:26.781Z",
"dateUpdated": "2025-08-28T14:12:10.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53970 (GCVE-0-2025-53970)
Vulnerability from nvd – Published: 2025-08-28 08:28 – Updated: 2025-08-28 14:14
VLAI?
Summary
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:13:14.905116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:14:40.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted upload of file with dangerous type",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:07.400Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53970",
"datePublished": "2025-08-28T08:28:07.400Z",
"dateReserved": "2025-08-25T06:42:27.784Z",
"dateUpdated": "2025-08-28T14:14:40.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53396 (GCVE-0-2025-53396)
Vulnerability from nvd – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:12
VLAI?
Summary
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges.
Severity ?
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:12:09.493190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:12:17.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:58.670Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53396",
"datePublished": "2025-08-28T08:27:58.670Z",
"dateReserved": "2025-08-25T06:42:25.516Z",
"dateUpdated": "2025-08-28T14:12:17.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52460 (GCVE-0-2025-52460)
Vulnerability from nvd – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:17
VLAI?
Summary
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.
Severity ?
5.3 (Medium)
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:17:11.499966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:17:26.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:52.965Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-52460",
"datePublished": "2025-08-28T08:27:52.965Z",
"dateReserved": "2025-08-25T06:42:31.576Z",
"dateUpdated": "2025-08-28T14:17:26.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46409 (GCVE-0-2025-46409)
Vulnerability from nvd – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:17
VLAI?
Summary
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker.
Severity ?
CWE
- CWE-326 - Inadequate encryption strength
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:17:37.556191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:17:54.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "Inadequate encryption strength",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:44.793Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46409",
"datePublished": "2025-08-28T08:27:44.793Z",
"dateReserved": "2025-08-25T06:42:30.553Z",
"dateUpdated": "2025-08-28T14:17:54.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58081 (GCVE-0-2025-58081)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:43
VLAI?
Summary
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges.
Severity ?
CWE
- CWE-259 - Use of hard-coded password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:42:28.909872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:43:05.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of hard-coded password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:38.426Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58081",
"datePublished": "2025-08-28T08:28:38.426Z",
"dateReserved": "2025-08-25T06:42:29.610Z",
"dateUpdated": "2025-08-28T13:43:05.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58072 (GCVE-0-2025-58072)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:44
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:43:47.204556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:44:05.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:33.132Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58072",
"datePublished": "2025-08-28T08:28:33.132Z",
"dateReserved": "2025-08-25T06:42:28.664Z",
"dateUpdated": "2025-08-28T13:44:05.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54819 (GCVE-0-2025-54819)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:28 – Updated: 2025-08-28 13:45
VLAI?
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker.
Severity ?
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:44:51.038559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:45:19.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:24.751Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54819",
"datePublished": "2025-08-28T08:28:24.751Z",
"dateReserved": "2025-08-25T06:42:33.576Z",
"dateUpdated": "2025-08-28T13:45:19.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54762 (GCVE-0-2025-54762)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:28 – Updated: 2025-08-28 14:12
VLAI?
Summary
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Windows environment only)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:11:03.816088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:12:10.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted upload of file with dangerous type",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:14.302Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-54762",
"datePublished": "2025-08-28T08:28:14.302Z",
"dateReserved": "2025-08-25T06:42:26.781Z",
"dateUpdated": "2025-08-28T14:12:10.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53970 (GCVE-0-2025-53970)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:28 – Updated: 2025-08-28 14:14
VLAI?
Summary
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:13:14.905116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:14:40.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted upload of file with dangerous type",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:28:07.400Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53970",
"datePublished": "2025-08-28T08:28:07.400Z",
"dateReserved": "2025-08-25T06:42:27.784Z",
"dateUpdated": "2025-08-28T14:14:40.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53396 (GCVE-0-2025-53396)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:12
VLAI?
Summary
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges.
Severity ?
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:12:09.493190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:12:17.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under MacOS environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under MacOS environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:58.670Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53396",
"datePublished": "2025-08-28T08:27:58.670Z",
"dateReserved": "2025-08-25T06:42:25.516Z",
"dateUpdated": "2025-08-28T14:12:17.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52460 (GCVE-0-2025-52460)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:17
VLAI?
Summary
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.
Severity ?
5.3 (Medium)
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:17:11.499966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:17:26.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) (Affected under Windows environment only)"
}
]
},
{
"product": "SS1 Cloud",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.2.1.3 and earlier (Affected under Windows environment only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:52.965Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-52460",
"datePublished": "2025-08-28T08:27:52.965Z",
"dateReserved": "2025-08-25T06:42:31.576Z",
"dateUpdated": "2025-08-28T14:17:26.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46409 (GCVE-0-2025-46409)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:27 – Updated: 2025-08-28 14:17
VLAI?
Summary
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker.
Severity ?
CWE
- CWE-326 - Inadequate encryption strength
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| DOS Co., Ltd. | SS1 |
Affected:
Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:17:37.556191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:17:54.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SS1",
"vendor": "DOS Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "Inadequate encryption strength",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T08:27:44.793Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.dos-osaka.co.jp/news/2025/08/250827.html"
},
{
"url": "https://jvn.jp/en/jp/JVN99577552/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46409",
"datePublished": "2025-08-28T08:27:44.793Z",
"dateReserved": "2025-08-25T06:42:30.553Z",
"dateUpdated": "2025-08-28T14:17:54.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000064
Vulnerability from jvndb - Published: 2025-08-27 15:13 - Updated:2025-08-27 15:13
Severity ?
Summary
Multiple vulnerabilities in SS1
Details
SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below.
- Inadequate encryption strength (CWE-326) - CVE-2025-46409
- Files or directories accessible to external parties (CWE-552) - CVE-2025-52460
- Incorrect permission assignment for critical resource (CWE-732) - CVE-2025-53396
- Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-53970, CVE-2025-54762
- Path traversal (CWE-22) - CVE-2025-54819, CVE-2025-58072
- Use of hard-coded password (CWE-259) - CVE-2025-58081
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000064.html",
"dc:date": "2025-08-27T15:13+09:00",
"dcterms:issued": "2025-08-27T15:13+09:00",
"dcterms:modified": "2025-08-27T15:13+09:00",
"description": "SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eInadequate encryption strength (CWE-326) - CVE-2025-46409\u003c/li\u003e\r\n\u003cli\u003eFiles or directories accessible to external parties (CWE-552) - CVE-2025-52460\u003c/li\u003e\r\n\u003cli\u003eIncorrect permission assignment for critical resource (CWE-732) - CVE-2025-53396\u003c/li\u003e\r\n\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2025-53970, CVE-2025-54762\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2025-54819, CVE-2025-58072\u003c/li\u003e\r\n\u003cli\u003eUse of hard-coded password (CWE-259) - CVE-2025-58081\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2025-46409, CVE-2025-52460, CVE-2025-53970, CVE-2025-54762, CVE-2025-54819\r\nRuslan Sayfiev, Denis Faiustov and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-53396, CVE-2025-58072, CVE-2025-58081\r\nMasahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000064.html",
"sec:cpe": {
"#text": "cpe:/a:dos-osaka:ss1",
"@product": "SS1",
"@vendor": "DOS Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000064",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN99577552/index.html",
"@id": "JVN#99577552",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-CVE-2025-46409",
"@id": "CVE-2025-46409",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-52460",
"@id": "CVE-2025-52460",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53396",
"@id": "CVE-2025-53396",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53970",
"@id": "CVE-2025-53970",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54762",
"@id": "CVE-2025-54762",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54819",
"@id": "CVE-2025-54819",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58072",
"@id": "CVE-2025-58072",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-58081",
"@id": "CVE-2025-58081",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in SS1"
}
JVNDB-2023-000021
Vulnerability from jvndb - Published: 2023-03-01 15:57 - Updated:2024-06-06 18:02
Severity ?
Summary
Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
Details
SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below.
- Improper Access Control (CWE-284) - CVE-2023-22335
- Path Traversal (CWE-22) - CVE-2023-22336
- Use of Hard-coded Credentials (CWE-798) - CVE-2023-22344
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000021.html",
"dc:date": "2024-06-06T18:02+09:00",
"dcterms:issued": "2023-03-01T15:57+09:00",
"dcterms:modified": "2024-06-06T18:02+09:00",
"description": "SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eImproper Access Control (CWE-284) - CVE-2023-22335\u003c/li\u003e\u003cli\u003ePath Traversal (CWE-22) - CVE-2023-22336\u003c/li\u003e\u003cli\u003eUse of Hard-coded Credentials (CWE-798) - CVE-2023-22344\u003c/li\u003e\u003c/ul\u003e\r\nDenis Faiustov, and Ruslan Sayfiev of GMO Cyber Security by IERAE reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000021.html",
"sec:cpe": [
{
"#text": "cpe:/a:dos-osaka:rakuraku_pc_cloud_agent",
"@product": "Raku-Raku-PC-Cloud Agent",
"@vendor": "DOS Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:dos-osaka:ss1",
"@product": "SS1",
"@vendor": "DOS Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN57224029/index.html",
"@id": "JVN#57224029",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22335",
"@id": "CVE-2023-22335",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22336",
"@id": "CVE-2023-22336",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22344",
"@id": "CVE-2023-22344",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22335",
"@id": "CVE-2023-22335",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22336",
"@id": "CVE-2023-22336",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22344",
"@id": "CVE-2023-22344",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in SS1 and Rakuraku PC Cloud"
}