Shazwazza Smidge Bundle path traversal_CVE-2025-11842

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.

Basic Information

ID CVE-2025-11842

Source VulDB

Published Oct 16, 2025 at 15:32

Modified Oct 16, 2025 at 16:19

Affected Product

Vendor Shazwazza

Product Smidge

Version 4.5.0

Affected Versions Shazwazza Smidge 4.5.0
Shazwazza Smidge 4.5.1

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.",
    "published": "2025-10-16T15:32:14.804Z",
    "modified": "2025-10-16T16:19:36.391Z",
    "type": "cve",
    "title": "Shazwazza Smidge Bundle path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.328776\nhttps://vuldb.com/?ctiid.328776\nhttps://vuldb.com/?submit.664905\nhttps://github.com/asust9/smidge-vuln?tab=readme-ov-file\nhttps://github.com/Shazwazza/Smidge/releases/tag/v4.6.0",
    "id": "CVE-2025-11842",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Shazwazza Smidge 4.5.0\nShazwazza Smidge 4.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Smidge",
    "version": "4.5.0",
    "vendor": "Shazwazza",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}