CVE-2025-12383

Published: Nov 18, 2025

Modified: Nov 18, 2025

PUBLISHED

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

Vendor	Product	Versions
Eclipse Foundation	Jersey	affected `2.45` affected `3.0.16` affected `3.1.9`

Weaknesses (CWE)

CWE-362

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-12383

Description

Affected Products

Weaknesses (CWE)

References