CVE Catalog

CVE-2025-66956

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile - higher than 38% of all known CVEs

Summary

Insecure access control in Asseco SEE Live 2.0's Contact Plan, E-Mail, SMS and Fax components allows remote attackers to access and execute attachments via a computable URL.

Risk Assessment

The organization is at risk of unauthorized access to sensitive data and potential execution of malicious code, leading to confidentiality and integrity breaches.

Recommendation

Immediately update Asseco SEE Live 2.0 to the latest version and implement authentication and authorization mechanisms for attachment access.

Original NVD description (English source)

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS