Home / Vulnerability Intelligence / CVE-2025-66955

CVE-2025-66955 - Vulnerability Analysis

N/a

Last Updated: March 13, 2026

Asseco SEE Live - Local File Inclusion

Published: March 12, 2026Updated: March 13, 2026PoC Available

Overview

Asseco SEE Live 2.0 contains a local file inclusion caused by improper validation of the "path" parameter in downloadAttachment and downloadAttachmentFromPath API calls, letting remote authenticated users access files on the host, exploit requires user authentication.

Severity & Score

Severity: N/a

Impact

Remote authenticated users can access arbitrary files on the host, potentially exposing sensitive information.

Mitigation

Update to the latest version with the fix applied.

References

https://live.asee.io/
http://asseco.com
http://live.com
https://github.com/TheWoodenBench/CVE-2025-66955

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-66955
Severity: N/a
Type: path_traversal
Status: unconfirmed

CVSS Metrics

N/A