CVE-2025-11965

Source
https://cve.org/CVERecord?id=CVE-2025-11965
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11965.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11965
Published
2025-10-22T15:15:31.590Z
Modified
2026-02-14T07:58:03.847395Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').

Affected packages

Git / github.com/eclipse-vertx/vert.x

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.0.Beta1
4.1.0.CR1
4.1.0.CR2
4.1.1
4.2.0
4.2.0.Beta1
4.2.0.CR1
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.5.15
4.5.16
4.5.17
4.5.18
4.5.19
4.5.2
4.5.20
4.5.21
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
5.*
5.0.0
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR6
5.0.0.CR7
5.0.0.CR8
5.0.1
5.0.2
5.0.3
5.0.4


Git / github.com/vert-x3/vertx-web

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0
4.1.0.Beta1
4.1.0.CR1
4.1.0.CR2
4.1.1
4.2.0
4.2.0.Beta1
4.2.0.CR1
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.5.15
4.5.16
4.5.17
4.5.18
4.5.19
4.5.2
4.5.20
4.5.21
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
5.*
5.0.0
5.0.0.CR1
5.0.0.CR2
5.0.0.CR3
5.0.0.CR4
5.0.0.CR6
5.0.0.CR7
5.0.0.CR8
5.0.1
5.0.2
5.0.3
5.0.4
