CVE Catalog

CVE-2025-66955

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile - higher than 19% of all known CVEs

Summary

Local File Inclusion vulnerability in Contact Plan, E-Mail, SMS and Fax components of Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via the "path" parameter in downloadAttachment and downloadAttachmentFromPath API calls.

Risk Assessment

The organization is at risk of unauthorized reading of sensitive system files, potentially leading to disclosure of configuration data, passwords, or other confidential information.

Recommendation

Immediately update Asseco SEE Live 2.0 to the latest patched version and restrict API access to trusted users only.

Original NVD description (English source)

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS