CVE-2025-11842: Smidge is vulnerable to Path Traversal

October 16, 2025

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is possible. Upgrading to version 4.6.0 is sufficient to resolve this issue. It is recommended to upgrade the affected component.

References

github.com/Shazwazza/Smidge
github.com/Shazwazza/Smidge/releases/tag/v4.6.0
github.com/advisories/GHSA-9rvm-p3qm-f4vv
github.com/asust9/smidge-vuln?tab=readme-ov-file
nvd.nist.gov/vuln/detail/CVE-2025-11842
vuldb.com/?id.328776
vuldb.com/?submit.664905

Code Behaviors & Features

Detect and mitigate CVE-2025-11842 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →