CVE-2025-14702

Summary

A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Smartbit CommVSmartschool App10.4.0affected
Smartbit CommVSmartschool App10.4.1affected
Smartbit CommVSmartschool App10.4.2affected
Smartbit CommVSmartschool App10.4.3affected
Smartbit CommVSmartschool App10.4.4affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References