CVE-2025-12383

N/A Unknown

Published: November 18, 2025 Modified: November 19, 2025

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74

Source: emo@eclipse.org

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.1%

21th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-362

Related CVEs

CVE-2026-0824 3.5

CVE-2026-0822 6.3

CVE-2025-13393 4.3

CVE-2025-12379 6.4

CVE-2026-0821 7.3