CVE-2018-25312

MEDIUM

LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25312. PoCs published by rsp3ar.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in LifeSize ClearSea 3.1.4, allowing authenticated attackers to upload arbitrary files (leading to RCE) and download sensitive files. The PoC authenticates as admin and uploads a test file to the root directory via path traversal.

Description

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution.

Exploits (1)

exploitdb WORKING POC
by rsp3ar · python · webapps · windows
https://www.exploit-db.com/exploits/44390


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: LifeSize ClearSea 3.1.4
Auth required
Prerequisites: admin credentials · network access to target
devstral-2 · analyzed Apr 30, 2026

References (2)

Core References (2)
Third Party Advisory: VulnCheck Advisory: LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
https://www.vulncheck.com/advisories/lifesize-clearsea-directory-traversal-remote-code-execution
Exploit: ExploitDB-44390
https://www.exploit-db.com/exploits/44390

Scores

CVSS v3: 6.5
EPSS: 0.0093
EPSS Percentile: 56.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): LifeSize/ClearSea 3.1.4
Published: Apr 29, 2026
Tracked Since: Apr 30, 2026