CVE-2025-12383

7.4 HIGH

Published: November 18, 2025 Modified: January 16, 2026

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74

Source: emo@eclipse.org

Issue Tracking Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.4 / 10.0

EPSS (Exploit Probability)

0.1%

21th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-362

Affected Vendors

eclipse

Related CVEs

CVE-2026-2072 8.2

CVE-2026-1166 4.3

CVE-2026-4784 7.3

CVE-2026-4766 6.4

CVE-2026-4783 6.3