CVE-2025-66955

Published: Mar 12, 2026 Last Modified: Mar 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via 'path' parameter in the downloadAttachment and downloadAttachmentFromPath API calls.

http://asseco.com
http://asseco.com
http://live.com
http://live.com
https://github.com/TheWoodenBench/CVE-2025-66955
https://github.com/TheWoodenBench/CVE-2025-66955