{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11143", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2025-09-29T05:08:52.530Z", "datePublished": "2026-03-05T09:26:59.830Z", "dateUpdated": "2026-03-05T14:48:41.622Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eclipse Jetty", "repo": "https://github.com/jetty/jetty.project", "vendor": "Eclipse Foundation", "versions": [{"lessThanOrEqual": "9.4.58", "status": "affected", "version": "9.4.0", "versionType": "semver"}, {"lessThanOrEqual": "10.0.26", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThanOrEqual": "11.0.26", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThanOrEqual": "12.0.30", "status": "affected", "version": "12.0.0", "versionType": "semver"}, {"lessThanOrEqual": "12.1.4", "status": "affected", "version": "12.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "zer0yu"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">At the very least, differential parsing may divulge implementation details.</span></span><br>"}], "value": "The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.\u00a0Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.\u00a0At the very least, differential parsing may divulge implementation details."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-03-05T09:26:59.830Z"}, "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T14:48:27.345884Z", "id": "CVE-2025-11143", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T14:48:41.622Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11143", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2025-09-29T05:08:52.530Z", "datePublished": "2026-03-05T09:26:59.830Z", "dateUpdated": "2026-03-05T14:48:41.622Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eclipse Jetty", "repo": "https://github.com/jetty/jetty.project", "vendor": "Eclipse Foundation", "versions": [{"lessThanOrEqual": "9.4.58", "status": "affected", "version": "9.4.0", "versionType": "semver"}, {"lessThanOrEqual": "10.0.26", "status": "affected", "version": "10.0.0", "versionType": "semver"}, {"lessThanOrEqual": "11.0.26", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThanOrEqual": "12.0.30", "status": "affected", "version": "12.0.0", "versionType": "semver"}, {"lessThanOrEqual": "12.1.4", "status": "affected", "version": "12.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "zer0yu"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">At the very least, differential parsing may divulge implementation details.</span></span><br>"}], "value": "The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.\u00a0Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.\u00a0At the very least, differential parsing may divulge implementation details."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2026-03-05T09:26:59.830Z"}, "references": [{"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11143", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T14:48:27.345884Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T14:48:32.138Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs.\u00a0Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response.\u00a0At the very least, differential parsing may divulge implementation details."}], "id": "CVE-2025-11143", "lastModified": "2026-03-05T10:15:54.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2026-03-05T10:15:54.680", "references": [{"source": "emo@eclipse.org", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "emo@eclipse.org", "type": "Primary"}]}

{}

{}