Asseco SEE Live 2.0: Unauthorized Access to Attachments via URL

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.9

Asseco SEE Live 2.0: Unauthorized Access to Attachments via URL

CVE-2025-66956

Summary

Some attachments in Asseco SEE Live 2.0's contact management features can be accessed without permission. This could let an unauthorized person see or even run files they shouldn't be able to. Update the software to fix this issue.

Original title

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

Original description

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

nvd CVSS3.1 9.9

Vulnerability type

CWE-284 Improper Access Control

http://asseco.com
http://live.com
https://github.com/TheWoodenBench/CVE-2025-66956
https://live.asee.io/

Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026