CVE-2025-66956
Insecure Access Control in Asseco SEE Live 2.0 Enables Remote Execution
Publication date: 2026-03-11
Last updated on: 2026-03-13
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asseco | see_live | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66956 is an insecure access control vulnerability found in the Contact Plan, E-Mail, SMS, and Fax components of Asseco SEE Live 2.0. It allows remote attackers to access and execute file attachments by using a computable URL.
When a file is sent as an attachment or received via email and displayed in the application, the system automatically downloads the attachment to the host. Attackers can compute the MD5 hash of the file and then access it directly through a URL structured with the date and the MD5 hash of the file, enabling them to execute the attachment remotely.
How can this vulnerability impact me?
This vulnerability has a critical impact on confidentiality, integrity, and availability of the affected system. Remote attackers can execute attachments without user interaction, potentially leading to unauthorized code execution, data breaches, and system compromise.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for accessible URLs that follow the pattern used by the vulnerable Asseco SEE Live 2.0 application to serve attachments. Specifically, attackers can compute the MD5 hash of a file and attempt to access it via a URL structured as: `https://[host]/live20files/emailFiles/private/[date_in_format_YYYY-MM-DD]/[MD5_hash_of_file].[file_extension]`.
To detect this on your system or network, you can scan web server logs or use network monitoring tools to identify requests matching this URL pattern.
Suggested commands might include using curl or wget to test access to such URLs if you have known attachment files and their hashes. For example:
- `curl -I https://[host]/live20files/emailFiles/private/2025-11-20/1f5534acb23426d83b5f7d2fd12c1b0d.php`
- `wget --spider https://[host]/live20files/emailFiles/private/2025-11-20/1f5534acb23426d83b5f7d2fd12c1b0d.php`
Additionally, you can search your web server access logs for requests matching the pattern "/live20files/emailFiles/private/" to identify potential exploitation attempts. [2]
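The access-log search described above, written out as an added example (it is not part of this page or of the vendor's tooling): a Python script that parses combined-format web server log lines, keeps only requests to the `/live20files/emailFiles/private/<date>/<md5>.<ext>` path, and summarizes per client how many distinct hashes were tried, how many requests were actually served, and whether script-type extensions such as `.php` were requested. The combined log format and the script-extension list beyond `.php` are assumptions; the sample log lines are constructed, with the `.php` hash taken from the page's own curl example.

```python
import re
from dataclasses import dataclass

# Attachment URL pattern named in the advisory:
#   /live20files/emailFiles/private/<YYYY-MM-DD>/<md5>.<ext>
ATTACHMENT_PATH = re.compile(
    r"^/live20files/emailFiles/private/(?P<date>\d{4}-\d{2}-\d{2})/"
    r"(?P<md5>[0-9a-fA-F]{32})\.(?P<ext>[A-Za-z0-9]{1,10})$"
)

# Apache/nginx "combined" access-log line (assumption about the log format in use):
#   client ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Extensions a web server may pass to an interpreter instead of serving as a plain file.
# The advisory's example uses .php; the others are common server-side script types (assumption).
SCRIPT_EXTS = {"php", "phtml", "asp", "aspx", "jsp", "cgi", "pl"}


@dataclass
class Finding:
    client: str
    time: str
    method: str
    path: str
    status: int
    date: str
    md5: str
    ext: str
    executable: bool


def parse_line(line):
    """Return a Finding if the line is a request for a private attachment path, else None."""
    m = COMBINED.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop any query string before matching
    a = ATTACHMENT_PATH.match(path)
    if not a:
        return None
    ext = a.group("ext").lower()
    return Finding(
        client=m.group("client"), time=m.group("time"), method=m.group("method"),
        path=path, status=int(m.group("status")), date=a.group("date"),
        md5=a.group("md5").lower(), ext=ext, executable=ext in SCRIPT_EXTS,
    )


def scan(lines):
    """Extract every attachment-path request from an iterable of log lines."""
    return [f for f in (parse_line(line) for line in lines) if f is not None]


def summarize(findings):
    """Per client: request count, 2xx responses, script-type hits, distinct hashes tried."""
    out = {}
    for f in findings:
        s = out.setdefault(f.client, {"requests": 0, "served": 0, "executable": 0, "hashes": set()})
        s["requests"] += 1
        if 200 <= f.status < 300:
            s["served"] += 1
        if f.executable:
            s["executable"] += 1
        s["hashes"].add(f.md5)
    return out


# Constructed sample log; the .php hash is the one quoted on the page, the other hashes are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Nov/2025:10:15:02 +0000] "GET /live20files/emailFiles/private/2025-11-20/1f5534acb23426d83b5f7d2fd12c1b0d.php HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [20/Nov/2025:10:15:03 +0000] "GET /live20files/emailFiles/private/2025-11-20/1f5534acb23426d83b5f7d2fd12c1b0d.php?x=1 HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.4 - - [20/Nov/2025:10:16:40 +0000] "GET /live20files/emailFiles/private/2025-11-19/d41d8cd98f00b204e9800998ecf8427e.pdf HTTP/1.1" 200 20480 "https://live.example/" "Mozilla/5.0"
198.51.100.4 - - [20/Nov/2025:10:17:00 +0000] "GET /live20/inbox HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Nov/2025:10:18:11 +0000] "HEAD /live20files/emailFiles/private/2025-11-20/0123456789abcdef0123456789abcdef.php HTTP/1.1" 404 0 "-" "curl/8.5.0"
"""

if __name__ == "__main__":
    for client, s in summarize(scan(SAMPLE_LOG.splitlines())).items():
        flag = "  <-- script-type attachment requested" if s["executable"] else ""
        print(f"{client}: {s['requests']} requests, {s['served']} served, "
              f"{len(s['hashes'])} distinct hashes{flag}")
```

Feed it real logs with `scan(open(path))`. A client that requests many distinct hashes, or any request for a script-type extension under this path, is worth following up; a served (2xx) response to such a request means the file was reachable without an authenticated session and should be treated as a possible exploitation, not just a probe.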
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the URL paths serving attachments to authorized users only, implementing proper access control checks on these resources, and disabling direct access to attachment files via predictable URLs.
Additionally, reviewing and updating the application to fix the insecure access control vulnerability is critical. Until a patch is applied, consider blocking or filtering requests to the vulnerable URL patterns at the web server or firewall level.
Monitoring logs for suspicious access attempts and educating users about the risks of opening attachments from untrusted sources can also help reduce exploitation risk.
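A sketch of the access-control model the mitigation steps above call for, added here as an example; it is not code from Asseco SEE Live or from this page, and the data model (`Message`, `Attachment`, `Store`) and every name in it are hypothetical. Instead of a path computable from the date and the file's MD5, an attachment is reached only through a random, short-lived, single-use token that is issued after checking that the authenticated user is a participant of the message owning the file, and the response headers force a download so the bytes are neither rendered nor executed.

```python
import secrets
import time
from dataclasses import dataclass, field


# Hypothetical minimal model of messages and attachments (assumption for this example).
@dataclass
class Attachment:
    attachment_id: str
    message_id: str
    filename: str
    stored_path: str  # server-side location; never derived from or exposed in a URL


@dataclass
class Message:
    message_id: str
    participants: frozenset  # users allowed to read the message and its attachments


@dataclass
class Store:
    messages: dict = field(default_factory=dict)
    attachments: dict = field(default_factory=dict)
    tokens: dict = field(default_factory=dict)  # token -> (attachment_id, user, expires_at)


class Forbidden(Exception):
    pass


def authorize(store, user, attachment_id):
    """Require an authenticated user who is a participant of the message owning the file."""
    if not user:
        raise Forbidden("authentication required")
    att = store.attachments.get(attachment_id)
    # Same error for 'missing' and 'not yours' so attachment existence cannot be probed.
    if att is None or user not in store.messages[att.message_id].participants:
        raise Forbidden("not found or not permitted")
    return att


def issue_download_token(store, user, attachment_id, ttl=300, now=None):
    """Hand out a random, short-lived, user-bound token instead of a computable date/MD5 path."""
    authorize(store, user, attachment_id)
    token = secrets.token_urlsafe(32)
    issued_at = now if now is not None else time.time()
    store.tokens[token] = (attachment_id, user, issued_at + ttl)
    return token


def redeem_download_token(store, user, token, now=None):
    """Single-use redemption: returns the attachment plus headers that force a download."""
    entry = store.tokens.pop(token, None)
    if entry is None:
        raise Forbidden("unknown or already used token")
    attachment_id, owner, expires_at = entry
    current = now if now is not None else time.time()
    if owner != user or current > expires_at:
        raise Forbidden("token expired or issued to another user")
    att = store.attachments[attachment_id]
    headers = {
        # attachment disposition + octet-stream + nosniff: the client saves the bytes;
        # nothing renders or executes them on the server or in the browser.
        "Content-Disposition": f'attachment; filename="{safe_filename(att.filename)}"',
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Cache-Control": "no-store",
    }
    return att, headers


def safe_filename(name):
    """Restrict the sender-controlled filename to a conservative character set."""
    cleaned = "".join(c if c.isalnum() or c in "._-" else "_" for c in name)
    return cleaned[:100] or "attachment"


def demo_store():
    """Constructed sample data: one message shared by alice and bob with one attachment."""
    store = Store()
    store.messages["m1"] = Message("m1", frozenset({"alice", "bob"}))
    store.attachments["a1"] = Attachment("a1", "m1", "report.pdf", "/srv/att/7f/a1.bin")
    return store


if __name__ == "__main__":
    store = demo_store()
    tok = issue_download_token(store, "alice", "a1")
    att, hdrs = redeem_download_token(store, "alice", tok)
    print(att.filename, hdrs["Content-Disposition"])
    try:
        issue_download_token(store, "mallory", "a1")
    except Forbidden as e:
        print("denied:", e)
```

The web server still has to be configured so that nothing under the attachment storage directory is reachable by path at all; the token endpoint is then the only way to obtain a file, and the stored path never appears in any URL.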