CVE-2025-54819
Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in SS1 Ver.16.0.0.10 and earlier allows remote authenticated attackers to overwrite legitimate files.
Vulnerability
Overview CVE-2025-54819 is a path traversal vulnerability (CWE-22) in SS1 Ver.16.0.0.10 and earlier (Media version 16.0.0a and earlier). The software fails to properly restrict file paths, enabling an attacker to write files outside the intended directory [1].
Exploitation
A remote attacker with valid authentication can exploit this flaw by crafting a malicious request that traverses directory structures. No special network position is required beyond network access to the affected service [1][2].
Impact
Successful exploitation allows the attacker to overwrite legitimate files on the system. This could lead to data corruption, denial of service, or potentially arbitrary code execution if critical system files are replaced [1].
Mitigation
The vendor, DOS Co., Ltd., has released a fix. Users should update to the latest version of SS1 (or SS1 Cloud) as indicated in the vendor advisory [2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.