Files or Directories Accessible to External Parties in Vert.x-Web - CVE-2025-11965

 


Published: October 23, 2025


Vulnerability identifier: #VU117583
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-11965
CWE-ID: CWE-552
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Eclipse
Affected software: Vert.x-Web

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the hidden file protection feature of "StaticHandler" leaves files or directories accessible to external parties when "setIncludeHidden(false)" is configured. A remote attacker can gain access to sensitive information on the system.


How to mitigate CVE-2025-11965

Install updates from the vendor's website.
