CVE-2025-11965

Source
https://cve.org/CVERecord?id=CVE-2025-11965
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11965.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11965
Aliases
Downstream
Related
Published
2025-10-22T14:50:07.602Z
Modified
2026-07-15T01:48:56.691129191Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
[none]
Details

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').

Database specific
{
    "cna_assigner": "eclipse",
    "cwe_ids": [
        "CWE-552"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "4.5.22"
                },
                {
                    "introduced": "5.0.0"
                },
                {
                    "fixed": "5.0.5"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11965.json"
}
References

Affected packages

Git / github.com/eclipse-vertx/vert.x

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-vertx/vert.x
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.22"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.5"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.0.Beta1
4.1.0.CR1
4.1.0.CR2
4.1.1
4.2.0
4.2.0.Beta1
4.2.0.CR1
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.5.15
4.5.16
4.5.17
4.5.18
4.5.19
4.5.2
4.5.20
4.5.21
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11965.json"

Git / github.com/vert-x3/vertx-web

Affected ranges

Type
GIT
Repo
https://github.com/vert-x3/vertx-web
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.22"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.5"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.0.Beta1
4.1.0.CR1
4.1.0.CR2
4.1.1
4.2.0
4.2.0.Beta1
4.2.0.CR1
4.2.1
4.2.2
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.5.15
4.5.16
4.5.17
4.5.18
4.5.19
4.5.2
4.5.20
4.5.21
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11965.json"