← Retour aux CVEs
CVE-2025-66955
MEDIUM6.5
Description
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/12/2026
Derniere modification3/16/2026
Sourcenvd
Observations honeypot0
References
http://asseco.com(cve@mitre.org)
https://github.com/TheWoodenBench/CVE-2025-66955(cve@mitre.org)
https://live.asee.io/(cve@mitre.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.