CVE-2025-58072 is a high-severity path traversal vulnerability affecting DOS Co., Ltd.'s SS1 product, specifically versions 16.0.0.10 and earlier (Media version 16.0.0a and earlier) running under the MacOS environment. The vulnerability arises due to improper limitation of pathname inputs to restricted directories, allowing a remote, unauthenticated attacker to bypass directory restrictions and access arbitrary files on the affected system. This flaw does not require any user interaction or authentication, making it remotely exploitable over the network. The vulnerability impacts confidentiality by exposing potentially sensitive files to unauthorized parties, but it does not affect integrity or availability. The CVSS 3.0 base score of 7.5 reflects the ease of exploitation (network vector, low attack complexity, no privileges required, no user interaction) combined with a high impact on confidentiality. Although no known exploits are currently reported in the wild, the vulnerability's characteristics suggest it could be leveraged for information disclosure attacks, potentially exposing configuration files, credentials, or other sensitive data stored on the system. The issue is limited to MacOS environments, which narrows the scope but still affects organizations using this software on MacOS platforms. No patches or mitigation links are provided in the data, indicating that affected organizations need to monitor vendor advisories closely for updates or consider interim mitigations.

For European organizations using DOS Co., Ltd.'s SS1 product on MacOS, this vulnerability poses a significant risk of unauthorized data disclosure. Sensitive corporate data, intellectual property, or personal information could be exposed, leading to compliance violations under GDPR and other data protection regulations. The ability for unauthenticated remote attackers to access arbitrary files increases the risk of espionage, data leaks, and reputational damage. Organizations in sectors such as finance, healthcare, government, and critical infrastructure that rely on SS1 for operations may face elevated risks. The lack of integrity or availability impact limits the threat to confidentiality, but the exposure of sensitive files alone can have severe consequences. Additionally, the MacOS-specific nature means organizations with mixed OS environments must ensure MacOS instances are prioritized for remediation. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation, especially as proof-of-concept code or exploit tools may emerge.

1. Immediate mitigation should include restricting network access to SS1 services on MacOS systems, using firewalls or network segmentation to limit exposure to trusted hosts only. 2. Implement strict monitoring and logging of file access events on affected systems to detect suspicious activity indicative of exploitation attempts. 3. Conduct an inventory of all SS1 installations on MacOS within the organization to identify and prioritize vulnerable instances. 4. Apply vendor patches or updates as soon as they become available; in the absence of patches, consider disabling or isolating the affected functionality if feasible. 5. Employ application-layer controls such as web application firewalls (WAFs) that can detect and block path traversal attack patterns targeting SS1. 6. Educate IT and security teams about this vulnerability and the importance of rapid response to any alerts related to unauthorized file access. 7. Review and tighten file system permissions on MacOS hosts to minimize the amount of sensitive data accessible to the SS1 application process. 8. Consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous file access behaviors on MacOS systems.