Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Asseco SEE Live 2.0 allows authenticated users to access local files via email and attachments
CVE-2025-66955
Summary
The Asseco SEE Live 2.0 system contains a security flaw that lets users with a login access internal files on the server by manipulating a specific input field in the email and attachment features. This could allow an attacker to view sensitive information. To protect your system, update Asseco SEE Live 2.0 to the latest version available.
Original title
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachm...
Original description
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026