CVE-2025-11965: 
Java vulnerability analysis and mitigation

CVE-2025-11965 is a security vulnerability discovered in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4. The vulnerability was disclosed on October 22, 2025, and affects the StaticHandler configuration component (NVD).

The vulnerability stems from a failure in the StaticHandler configuration that is meant to restrict access to hidden files. While the configuration attempts to prevent access to hidden files, it fails to properly restrict access to hidden directories, allowing unauthorized users to retrieve files within these directories (e.g., '.git/config'). The vulnerability has been assigned a CVSS 4.0 Base Score of 6.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N and is classified under CWE-552 (Files or Directories Accessible to External Parties) (NVD, Red Hat).

The vulnerability allows unauthorized users to access hidden directories and their contents, potentially exposing sensitive configuration files and other protected resources. This could lead to information disclosure and potentially provide attackers with valuable system information (NVD).

Users are advised to upgrade to a version of Eclipse Vert.x that addresses this vulnerability when available. The issue affects versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4 (NVD).