CVE-2025-12383

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-12383
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12383.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-12383
Aliases
Downstream
Related
Published
2025-11-18T15:14:37.765Z
Modified
2026-05-18T05:56:13.576148231Z
Severity
  • 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
Summary
Race Condition allows Bypass of Trust Restrictions
Details

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

Database specific 
{
    "cwe_ids": [
        "CWE-362"
    ],
    "cna_assigner": "eclipse",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12383.json"
}
References

Affected packages

Git / github.com/eclipse-ee4j/jersey

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-ee4j/jersey
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b44f4f9a71762a85a8295f91c5fb4c7cf9c04fce
Last affected
4f3150c7b77c06f24b737ab7d2941107a0049ec2
Last affected
f35691f4e4f1e6440ba2d384de798c4efdb2f932
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.45"
        },
        {
            "last_affected": "3.0.16"
        },
        {
            "last_affected": "3.1.9"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

2.*
2.45
3.*
3.0.16
3.1.9
Other
initial_contribution

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12383.json"