CVE-2025-66955 | THREATINT

Description

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

PUBLISHED Reserved 2025-12-08 | Published 2026-03-12 | Updated 2026-03-13 | Assigner mitre

References

asseco.com

github.com/TheWoodenBench/CVE-2025-66955

live.asee.io/

cve.org (CVE-2025-66955)

nvd.nist.gov (CVE-2025-66955)

Download JSON