CVE-2025-66955

MEDIUM

Asseco SEE Live 2.0 - Path Traversal

Title source: llm

Description

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

References (4)

[Various Sources] http://asseco.com

[Various Sources] http://live.com

[Exploit, Third Party Advisory] https://github.com/TheWoodenBench/CVE-2025-66955

View Exploit ZIP pw:eip

[Various Sources] https://live.asee.io/

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Published Mar 12, 2026

Tracked Since Mar 13, 2026