Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-11965

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').

Published: Oct 22, 2025
Updated: Jan 22, 2026
CVE: CVE-2025-11965
GHSA: GHSA-h5fg-jpgr-rv9c
Severity: Medium
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-552

Affected Software
References

Software	From	Fixed in
io.vertx / vertx-web	-	4.5.22
io.vertx / vertx-web	5.0.0	5.0.5
eclipse / vert.x	4.0.0	4.5.22
eclipse / vert.x	5.0.0	5.0.5

https://github.com/vert-x3/vertx-web/security/advisories/GHSA-h5fg-jpgr-rv9c
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/304

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo