PT-2026-23435 · Eclipse · Jetty

Zer0Yu · Published 2026-03-05 · Updated 2026-05-18 · CVE-2025-11143

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jetty (affected versions not specified)

Description

The Jetty URI parser exhibits differences in how it evaluates invalid or unusual URIs compared to other common parsers. This differential parsing of URIs, particularly in systems with multiple components, can lead to security bypasses. A component enforcing a blacklist, for example, might interpret URIs differently from a component generating a response. At a minimum, this discrepancy can reveal implementation details.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-AO61361
CLEANSTART-2026-DC73689
CLEANSTART-2026-DS86833
CLEANSTART-2026-EP51501
CLEANSTART-2026-GH89210
CLEANSTART-2026-GM79879
CLEANSTART-2026-GQ14179
CLEANSTART-2026-IA43044
CLEANSTART-2026-JU62349
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-RG24361
CLEANSTART-2026-RN56220
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-WK99982
CVE-2025-11143
GHSA-WJPW-4J6X-6RWH
OPENSUSE-SU-2026:10300-1
SUSE-SU-2026:1461-1

Affected Products

Jetty