CVE-2025-11143

low

Red Hat

CVSS v3 Base Score

3.7

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Published: March 5, 2026

Last Modified: March 5, 2026

Vendor: Red Hat

Description

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CWE

CWE-444

Affected Products

OpenShift Developer Tools and ServicesRed Hat AMQ Broker 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of Apicurio Registry 3Red Hat build of Debezium 2Red Hat build of Debezium 3Red Hat Data Grid 8

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com

CVE-2025-11143

Vulnerability Report

Description

CWE

Affected Products

References