PT-2025-43146 · Eclipse · Eclipse Vert.X

Sho Odagiri

Published

2025-10-22

Updated

2025-10-22

CVE-2025-11965

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4

Description A configuration issue in StaticHandler within Eclipse Vert.x allows unauthorized access to hidden directories. Specifically, the intended restriction of access to hidden files does not extend to hidden directories, potentially exposing files within them, such as '.git/config'.

Recommendations Update Eclipse Vert.x to a version beyond 5.0.4. Update Eclipse Vert.x to a version beyond 4.5.21.

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2025-11965

ECHO-7CCB-FF37-0C34

GHSA-H5FG-JPGR-RV9C

Affected Products

Eclipse Vert.X

PT-2025-43146 · Eclipse · Eclipse Vert.X

CVE-2025-11965

Weakness Enumeration

Related Identifiers

Affected Products

References · 7