LeakyCreds

CVE-2025-66955 - Vulnerability Analysis

Medium | CVSS: 6.5

Last Updated: March 16, 2026

Asseco SEE Live - Local File Inclusion

Published: March 12, 2026 | Updated: March 16, 2026 | PoC Available | Remote Exploitable

Overview

Asseco SEE Live 2.0 contains a local file inclusion vulnerability caused by improper validation of the "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls. It lets remote authenticated users access files on the host. Exploitation requires user authentication.

Severity & Score

Severity: Medium
CVSS Score: 6.5

Impact

Remote authenticated users can access arbitrary files on the host, potentially exposing sensitive information.

Mitigation

Update to the latest version with the fix applied.
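
Until the update is applied, access logs can be reviewed for requests to the two affected API calls whose "path" value points outside a relative attachment name. The following is an added example, not code from the vendor or from this page; the URL layout (/api/...), the access-log format and the sample lines are constructed assumptions, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter names come from the advisory text; everything else is assumed.
ENDPOINTS = ("downloadAttachment", "downloadAttachmentFromPath")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path(value):
    """Return a reason if the value is not a plain relative file name, else None."""
    v = decode_fully(value).replace("\\", "/")
    if "\x00" in v:
        return "null byte"
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        return "absolute path"
    if ".." in v.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (line_number, endpoint, reason) for each flagged request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        endpoint = url.path.rstrip("/").rsplit("/", 1)[-1]
        if endpoint not in ENDPOINTS:
            continue
        for value in parse_qs(url.query).get("path", []):  # decodes once already
            reason = suspicious_path(value)
            if reason:
                findings.append((n, endpoint, reason))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Mar/2026:10:01:00 +0000] "GET /api/downloadAttachment?path=invoices/2026-03.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [12/Mar/2026:10:02:00 +0000] "GET /api/downloadAttachment?path=..%2F..%2Fconf%2Fapp.properties HTTP/1.1" 200 812',
    '10.0.0.9 - bob [12/Mar/2026:10:02:05 +0000] "GET /api/downloadAttachmentFromPath?path=%252e%252e%252fsecrets.txt HTTP/1.1" 200 64',
    '10.0.0.9 - bob [12/Mar/2026:10:02:09 +0000] "GET /api/downloadAttachmentFromPath?path=C:%5Cdata%5Cexport.csv HTTP/1.1" 200 64',
    '10.0.0.7 - carol [12/Mar/2026:10:03:00 +0000] "GET /api/listAttachments?path=../x HTTP/1.1" 200 10',
]
```

A flagged request that returned status 200 is worth correlating with the authenticated account that issued it, since the flaw requires a logged-in user.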

Details

CVE ID: CVE-2025-66955
Severity: Medium
CVSS Score: 6.5
Type: path_traversal
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N