CVE-2025-66956 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: March 12, 2026
Asseco SEE Live - Broken Access Control
Overview
Asseco SEE Live 2.0 contains an insecure access control vulnerability in Contact Plan, E-Mail, SMS, and Fax components, letting remote attackers access and execute attachments via computable URLs, exploit requires no special privileges.
Severity & Score
Impact
Remote attackers can access and execute attachments, potentially leading to unauthorized code execution or data compromise.
Mitigation
Update to the latest version of Asseco SEE Live.
Social Media Activity(2 posts)
š“ CVE-2025-66956 - Critical (9.9) Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. š https://www.thehackerwire.com/vulnerability/CVE-2025-66956/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2025-66956 - Critical (9.9) Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. š https://www.thehackerwire.com/vulnerability/CVE-2025-66956/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2025-66956
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- broken_access_control
- Status
- unconfirmed
- EPSS
- 9.5%
- Social Posts
- 2
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H