CVE-2025-66956
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
Insecure access control in Asseco SEE Live 2.0's Contact Plan, E-Mail, SMS and Fax components allows remote attackers to access and execute attachments via a computable URL.
Risk Assessment
The organization is at risk of unauthorized access to sensitive data and potential execution of malicious code, leading to confidentiality and integrity breaches.
Recommendation
Immediately update Asseco SEE Live 2.0 to the latest version and implement authentication and authorization mechanisms for attachment access.
Original NVD description (English source)
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

