CVE-2025-66955

6.5 MEDIUM

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access f...

Published: 2026-03-12 · Last updated: 2026-06-02

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-552

Affected products

Vendor	Product
asseco	live

Description

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-66955
[Other]http://asseco.com
[Other]https://github.com/TheWoodenBench/CVE-2025-66955
[Other]https://live.asee.io/

Related CVEs

Same CWE

CVE-2025-14771 — Files or directories accessible to external parties vulnerability in ABB T-MAC Plus (9.9 CRITICAL)
CVE-2026-45543 — Nextcloud is an open source content collaboration platform (5.3 MEDIUM)
CVE-2026-40425 — The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to auth... (5.7 MEDIUM)
CVE-2026-45088 — Dalfox is a powerful open-source XSS scanner and utility focused on automation (7.5 HIGH)
CVE-2024-56462 — IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be rest... (7.2 HIGH)