cvedb.io
CVE-2025-66955
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-03-12T19:16:15.077 · Last modified 2026-06-17T09:57:21.287

Summary

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

Affected products

asseco — live

Does this affect you?

Add your gear to cvedb and we'll alert you only when asseco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.