CVE-2025-11143

low Red Hat
CVSS v3 Base Score
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 74% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: March 5, 2026 (70 days ago)
Last Modified: March 5, 2026
Vendor: Red Hat

Description

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CWE

CWE-444

Affected Products

OpenShift Developer Tools and ServicesRed Hat AMQ Broker 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of Apicurio Registry 3Red Hat build of Debezium 2Red Hat build of Debezium 3Red Hat Data Grid 8

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com