How serious is CVE-2025-11143?

This vulnerability has a CVSS score of 6.5 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2025-11143?

Yes, proof-of-concept exploit code for CVE-2025-11143 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2025-11143?

CVE-2025-11143 affects eclipse jetty. Check the full CVE details for specific version information.

How do I fix CVE-2025-11143?

To remediate CVE-2025-11143, check for security patches from eclipse. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-11143

Medium

|6.5

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to potentially bypass security measures by exploiting differences in how various components of a system interpret unusual web addresses (URIs). If different parts of the system use different rules for these URIs, it could lead to unauthorized access or reveal sensitive information about the system's setup.

Technical Description

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactLow

Integrity ImpactLow

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$931($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 5, 2026

about 1 month ago

Last Modified

Mar 6, 2026

about 1 month ago

Vendor

eclipse

Product

jetty

Related Vulnerabilities

CVE-2026-1605High

This vulnerability allows an attacker to cause a memory leak on servers using specific versions of Eclipse Jetty by sending a compressed HTTP request that isn't met with a compressed response. For this to happen, the server must be configured to handle gzip-encoded requests, but fail to respond with gzip-encoded data.