Path Traversal Vulnerability in Smidge by Shazwazza
CVE-2025-11842

5.3MEDIUM

Key Information:

Vendor

Shazwazza

Status
Smidge
Vendor
CVE Published:
16 October 2025

What is CVE-2025-11842?

A vulnerability in Shazwazza's Smidge component, specifically affecting versions up to 4.5.1, allows for path traversal due to improper handling of the argument 'Version' in the Bundle Handler function. This flaw could enable an attacker to exploit the system remotely, potentially creating arbitrary files or accessing unauthorized paths. Upgrading to Smidge version 4.6.0 effectively resolves this security issue, making it imperative for users to apply the latest updates.

Affected Version(s)

Smidge 4.5.0

Smidge 4.5.1

Smidge 4.6.0

References

https://vuldb.com/?id.328776
vdb-entrytechnical-description
https://vuldb.com/?ctiid.328776
signaturepermissions-required
https://vuldb.com/?submit.664905
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

asust9 (VulDB User)
JSON
.
CVE-2025-11842 : Path Traversal Vulnerability in Smidge by Shazwazza