CVE-2025-66955
Local File Inclusion in Asseco SEE Live 2.0 APIs Enables File Access
Publication date: 2026-03-12
Last updated on: 2026-03-16
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asseco | see_live | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66955 is a Local File Inclusion (LFI) vulnerability in the Contact Plan, E-Mail, SMS, and Fax components of Asseco SEE Live 2.0. It allows remote authenticated users to read arbitrary files on the host system by supplying a crafted "path" parameter to two API calls, downloadAttachment and downloadAttachmentFromPath.

An attacker holding any valid account, even one with the lowest privilege level, sends a crafted HTTP POST request to the /live20/index.php endpoint that names the method and sets "path" to the target file (for example, /etc/passwd). The server returns the contents of that file, so the attacker can read sensitive files on the server. [1]
How can this vulnerability impact me? :
This vulnerability can lead to significant information disclosure by allowing attackers to read sensitive files on the server. Since the vulnerability affects confidentiality with a high impact score, attackers could gain access to critical data stored on the host.
Although it does not affect integrity or availability, the exposure of sensitive information could facilitate further exploitation or unauthorized access, potentially compromising the security of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation shows up as HTTP POST requests to the /live20/index.php endpoint that invoke the methods Email.downloadAttachment or Email.downloadAttachmentFromPath with a "path" parameter pointing outside the application's attachment store: an absolute path such as /etc/passwd, or a relative one containing traversal sequences.

Detection therefore depends on seeing the POST body. The method and path are multipart/form-data fields, not part of the URL, so a standard web-server access log, which records only the request line, will not show them; log request bodies at the application, at a reverse proxy, or at a WAF. Because the traffic is HTTPS, passive capture with tcpdump or Wireshark only helps at a point where TLS is terminated.

To reproduce the request against a test instance (it requires a valid authenticated session, which the command below does not include):

```sh
curl -X POST https://target/live20/index.php -F 'method=Email.downloadAttachment' -F 'path=/etc/passwd' -F 'id=1' -F 'downloadToken=token'
```

- tcpdump or Wireshark filters on decrypted traffic to capture POST requests to /live20/index.php whose multipart body contains 'downloadAttachment' and a 'path=' field. [1]
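The log-based detection described above, as an added example that is not part of the original advisory or of Asseco's product: it scans log lines for POSTs to /live20/index.php that call one of the two attachment-download methods with a "path" value that escapes the attachment directory. The log line format (timestamp, client, verb, URI, then the logged form fields as key=value pairs) and the attachment root /var/www/live20/attachments are assumptions for the example; the sample lines are constructed, and the check URL-decodes twice so that double-encoded traversal is not missed.

```python
"""Flag SEE Live 2.0 attachment-download requests whose "path" parameter escapes
the attachment store.  Added example; the log format and ATTACHMENT_ROOT are
assumptions, not facts about the product."""
import posixpath
import re
from urllib.parse import unquote

# The two methods named in the advisory; their "path" parameter is the sink.
SUSPECT_METHODS = {"Email.downloadAttachment", "Email.downloadAttachmentFromPath"}

# Assumed location of legitimate attachments; set this to the real deployment path.
ATTACHMENT_ROOT = "/var/www/live20/attachments"

# Assumed log format produced by a proxy/app configured to log multipart form fields:
#   <timestamp> <client-ip> <verb> <uri> key=value key=value ...
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<verb>[A-Z]+) (?P<uri>\S+)(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(text):
    """Turn ' method=X path=Y id=1' into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(text)}


def path_escapes_root(raw_path, root=ATTACHMENT_ROOT):
    """True if the decoded, normalised path does not stay inside root.

    This is a string-only check suitable for log analysis: it cannot see symlinks,
    but it catches absolute paths, '../' traversal and single/double URL encoding."""
    decoded = unquote(unquote(raw_path))  # second pass catches %252e%252e style encoding
    if "\x00" in decoded:
        return True  # NUL bytes have no place in a filename
    # A relative value is interpreted relative to root, as the application presumably does.
    candidate = decoded if decoded.startswith("/") else posixpath.join(root, decoded)
    normalised = posixpath.normpath(candidate)
    return normalised != root and not normalised.startswith(root + "/")


def scan(lines):
    """Return one finding per POST to /live20/index.php that hits a suspect method
    with an escaping path."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("verb") != "POST":
            continue
        if not m.group("uri").startswith("/live20/index.php"):
            continue
        fields = parse_fields(m.group("fields"))
        method, path = fields.get("method"), fields.get("path")
        if method in SUSPECT_METHODS and path is not None and path_escapes_root(path):
            findings.append({"ts": m.group("ts"), "client": m.group("client"),
                             "method": method, "path": path})
    return findings


# Constructed sample log lines (not real traffic). Lines 2 and 3 are attacks:
# an absolute path, and URL-encoded traversal via the FromPath variant.
SAMPLE_LOG = [
    "2026-03-12T10:00:01Z 198.51.100.7 POST /live20/index.php method=Email.downloadAttachment path=2026/03/invoice.pdf id=17",
    "2026-03-12T10:00:05Z 203.0.113.5 POST /live20/index.php method=Email.downloadAttachment path=/etc/passwd id=1",
    "2026-03-12T10:00:09Z 203.0.113.5 POST /live20/index.php method=Email.downloadAttachmentFromPath path=..%2F..%2F..%2F..%2Fetc%2Fshadow id=1",
    "2026-03-12T10:00:12Z 198.51.100.7 GET /live20/index.php?page=home",
    "2026-03-12T10:00:15Z 203.0.113.5 POST /live20/index.php method=Contact.list path=/etc/passwd",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print("ALERT %(ts)s %(client)s %(method)s path=%(path)s" % f)
```

The last sample line is deliberately not flagged: the rule is scoped to the two methods the advisory names, so it stays quiet on other calls that happen to carry a "path" field; widen SUSPECT_METHODS if you want a broader net.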
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable API endpoints to only trusted and authenticated users with the least privileges. Keep in mind that the attack is carried out by an authenticated user, so requiring a login does not by itself stop it; limit which accounts may call the attachment-download methods at all.

Additionally, monitoring and blocking requests that attempt to exploit the "path" parameter can help reduce risk. The published request uses an absolute path (/etc/passwd) with no "../" sequence, so a rule that only matches traversal patterns will miss it: block any "path" value that is absolute or that, after normalisation, falls outside the attachment directory, and inspect the multipart body, since the fields are not in the URL.

Apply any available patches or updates from Asseco for SEE Live 2.0 as soon as they are released.

As a temporary workaround, consider web application firewall (WAF) rules that block requests containing suspicious path traversal or file inclusion patterns. Treat such rules as a stopgap: the durable fix is for the server to locate attachments by their identifier and confine any resolved path to the attachment store, rather than opening a client-supplied filesystem path. [1]
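The server-side fix the mitigation paragraph points at, as an added example that is not Asseco's code (SEE Live is a PHP application; the pattern is shown here in Python). The handler honours only the attachment "id", looks the file up in a server-held index scoped to the requesting user, and ignores any client-supplied "path". For code that must still accept a relative path, the realpath-based containment check refuses anything that resolves outside the store, which also catches symlinks planted under it, something string normalisation alone cannot see. The AttachmentStore class, its index, and the temporary demo store are all constructed for the example.

```python
"""Hardened attachment download: address files by id, never by a client path.
Added example (Python); illustrates the pattern, not the product's real code."""
import os
import tempfile


class AccessDenied(Exception):
    pass


class AttachmentStore:
    """Attachments are addressed by id; the client never supplies a filesystem path."""

    def __init__(self, root):
        self.root = os.path.realpath(root)
        self.index = {}  # hypothetical server-side index: id -> (owner, path relative to root)

    def register(self, att_id, owner, relative_path):
        self.index[att_id] = (owner, relative_path)

    def resolve(self, relative_path):
        """Resolve a path relative to root and refuse anything that escapes it.

        realpath() follows symlinks, so a link under root pointing elsewhere is
        rejected as well; absolute input is discarded by os.path.join and then
        fails the prefix check."""
        if "\x00" in relative_path:
            raise AccessDenied("NUL byte in path")
        full = os.path.realpath(os.path.join(self.root, relative_path))
        if full != self.root and not full.startswith(self.root + os.sep):
            raise AccessDenied("path escapes attachment root: %r" % relative_path)
        return full

    def download(self, user, form):
        """Counterpart of the vulnerable API: only 'id' is honoured. A 'path'
        field in the form is ignored (and worth logging), never opened."""
        att_id = form.get("id")
        if att_id not in self.index:
            raise AccessDenied("unknown attachment id")
        owner, relative_path = self.index[att_id]
        if owner != user:
            raise AccessDenied("attachment belongs to another user")
        with open(self.resolve(relative_path), "rb") as fh:
            return fh.read()


def build_demo_store():
    """Constructed demo store in a temp dir: one legitimate file plus, where the
    OS allows it, a symlink escaping the root (the realpath check catches it)."""
    root = tempfile.mkdtemp(prefix="live20-")
    os.makedirs(os.path.join(root, "2026", "03"))
    with open(os.path.join(root, "2026", "03", "invoice.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 demo")
    try:
        os.symlink("/etc/hostname", os.path.join(root, "leak"))
    except OSError:
        pass  # symlink creation may be unavailable; the rest of the demo still works
    store = AttachmentStore(root)
    store.register("17", "alice", "2026/03/invoice.pdf")
    return store


if __name__ == "__main__":
    store = build_demo_store()
    # A client-supplied 'path' is ignored; the id decides what is opened.
    print(store.download("alice", {"id": "17", "path": "/etc/passwd"}))
    for bad in ["../../../../etc/passwd", "/etc/passwd", "leak"]:
        try:
            store.resolve(bad)
        except AccessDenied as exc:
            print("rejected:", exc)
```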