CVE-2025-12383 — HIGH (7.4)

Vulnerability Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Eclipse	Jersey	2.45

Related Weaknesses (CWE)

CWE-362

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74Issue TrackingVendor Advisory

FAQ

What is CVE-2025-12383?

CVE-2025-12383 is a vulnerability with a CVSS score of 7.4 (HIGH). In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings....

How severe is CVE-2025-12383?

CVE-2025-12383 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-12383?

Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Jersey.