CVE-2025-11842 MEDIUM

CVE-2025-11842: Shazwazza Smidge Bundle path traversal

Vendor Shazwazza
Product Smidge
Weakness CWE-22 · Path traversal
Published October 16, 2025
Last update October 16, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

October 16, 2025 CVE published
October 16, 2025 Record updated