CVE-2025-12383

Source
https://cve.org/CVERecord?id=CVE-2025-12383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-12383
Aliases
Downstream
Related
Published
2025-11-18T15:14:37.765Z
Modified
2026-07-08T07:34:14.732448313Z
Severity
  • 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
Summary
Race Condition allows Bypass of Trust Restrictions
Details

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12383.json",
    "cna_assigner": "eclipse",
    "cwe_ids": [
        "CWE-362"
    ]
}
References

Affected packages

Git / github.com/eclipse-ee4j/jersey

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-ee4j/jersey
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:eclipse:jersey:2.45:*:*:*:*:*:*:*",
        "cpe:2.3:a:eclipse:jersey:3.0.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:eclipse:jersey:3.1.9:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "2.45"
        },
        {
            "last_affected": "2.45"
        },
        {
            "introduced": "3.0.16"
        },
        {
            "last_affected": "3.0.16"
        },
        {
            "introduced": "3.1.9"
        },
        {
            "last_affected": "3.1.9"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ]
}

Affected versions

2.*
2.45
3.*
3.0.16
3.1.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12383.json"