CVE-2018-25312

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arb...

medium 6.5 CVSS 3.1

Published: Apr 29, 2026

Modified: Apr 29, 2026

Description

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution.

References

https://www.exploit-db.com/exploits/44390
https://www.vulncheck.com/advisories/lifesize-clearsea-directory-traversal-remote-code-execution

Version	3.1
Score	6.5 / 10
Severity	medium