Medium severity6.5NVD Advisory· Published Apr 29, 2026· Updated Apr 29, 2026

CVE-2018-25312

Description

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution.

Affected products

Lifesize/Clearseainferred2 versions
=3.1.4+ 1 more
- (no CPE)range: =3.1.4
- (no CPE)range: =3.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44390nvd
www.vulncheck.com/advisories/lifesize-clearsea-directory-traversal-remote-code-executionnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000