CVE-2025-11965

HIGH

Eclipse Vert.x <4.5.21 & <5.0.4 - Info Disclosure

Title source: llm

Description

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').

References (1)

[Issue Tracking, Vendor Advisory] https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/304

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-552

Status published

Affected Products (2)

eclipse/vert.x < 4.5.22

io.vertx/vertx-web < 4.5.22Maven

Timeline

Published Oct 22, 2025

Tracked Since Feb 18, 2026