CVE-2025-11143 LOW

CVE-2025-11143

Vendor Eclipse Foundation
Product Eclipse Jetty
Weakness CWE-20 · Input validation
Published March 5, 2026
Last update March 5, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

Key dates

02Disclosure timeline

March 5, 2026 CVE published
March 5, 2026 Record updated