Moderate severityNVD Advisory· Published Oct 22, 2025· Updated Oct 22, 2025
CVE-2025-11965
CVE-2025-11965
Description
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.vertx:vertx-webMaven | < 4.5.22 | 4.5.22 |
io.vertx:vertx-webMaven | >= 5.0.0, < 5.0.5 | 5.0.5 |
Affected products
42- osv-coords41 versionspkg:apk/chainguard/apache-pulsarpkg:apk/chainguard/apache-pulsar-compatpkg:apk/chainguard/kafka_exporter-strimzi-compatpkg:apk/chainguard/kafka-strimzi-compatpkg:apk/chainguard/keycloak-26.4pkg:apk/chainguard/keycloak-26.4-iamguarded-compatpkg:apk/chainguard/keycloak-fips-26.4pkg:apk/chainguard/keycloak-fips-26.4-iamguarded-fipspkg:apk/chainguard/prometheus-jmx-exporter-strimzi-compatpkg:apk/chainguard/strimzi-kafka-operatorpkg:apk/chainguard/strimzi-kafka-operator-cluster-operatorpkg:apk/chainguard/strimzi-kafka-operator-kafka-agentpkg:apk/chainguard/strimzi-kafka-operator-kafka-agent-3pkg:apk/chainguard/strimzi-kafka-operator-kafka-basepkg:apk/chainguard/strimzi-kafka-operator-kafka-initpkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/chainguard/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/chainguard/strimzi-kafka-operator-mirror-maker-agentpkg:apk/chainguard/strimzi-kafka-operator-topic-operatorpkg:apk/chainguard/strimzi-kafka-operator-tracing-agentpkg:apk/chainguard/strimzi-kafka-operator-user-operatorpkg:apk/wolfi/apache-pulsarpkg:apk/wolfi/apache-pulsar-compatpkg:apk/wolfi/kafka_exporter-strimzi-compatpkg:apk/wolfi/kafka-strimzi-compatpkg:apk/wolfi/keycloak-26.4pkg:apk/wolfi/keycloak-26.4-iamguarded-compatpkg:apk/wolfi/prometheus-jmx-exporter-strimzi-compatpkg:apk/wolfi/strimzi-kafka-operatorpkg:apk/wolfi/strimzi-kafka-operator-cluster-operatorpkg:apk/wolfi/strimzi-kafka-operator-kafka-agentpkg:apk/wolfi/strimzi-kafka-operator-kafka-agent-3pkg:apk/wolfi/strimzi-kafka-operator-kafka-basepkg:apk/wolfi/strimzi-kafka-operator-kafka-initpkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libspkg:apk/wolfi/strimzi-kafka-operator-kafka-thirdparty-libs-ccpkg:apk/wolfi/strimzi-kafka-operator-mirror-maker-agentpkg:apk/wolfi/strimzi-kafka-operator-topic-operatorpkg:apk/wolfi/strimzi-kafka-operator-tracing-agentpkg:apk/wolfi/strimzi-kafka-operator-user-operatorpkg:maven/io.vertx/vertx-web
< 4.1.1-r2+ 40 more
- (no CPE)range: < 4.1.1-r2
- (no CPE)range: < 4.1.1-r2
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.7-r12
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 4.1.1-r2
- (no CPE)range: < 4.1.1-r2
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 26.4.7-r0
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 0.48.0-r1
- (no CPE)range: < 4.5.22
- Eclipse Foundation/Vert.xv5Range: 4.0.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.