In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config').
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
GHSA-h5fg-jpgr-rv9c | Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 22 Oct 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 22 Oct 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config'). | |
Weaknesses | CWE-552 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: eclipse
Published:
Updated: 2025-10-22T15:56:08.021Z
Reserved: 2025-10-20T14:49:10.081Z
Link: CVE-2025-11965

Updated: 2025-10-22T15:56:03.243Z

Status : Awaiting Analysis
Published: 2025-10-22T15:15:31.590
Modified: 2025-10-22T21:12:48.953
Link: CVE-2025-11965

No data.

No data.