CVE-2025-12383

HIGH

Eclipse Jersey 2.45 3.0.16 3.1.9 - Race Condition in SSL Configuration Handling

Title source: llm

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74

Scores

CVSS v3 7.4

EPSS 0.0026

EPSS Percentile 17.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (4)

eclipse/jersey 2.45

eclipse/jersey 3.0.16

eclipse/jersey 3.1.9

org.glassfish.jersey.core/jersey-client 2.45 - 2.46Maven

Published Nov 18, 2025

Tracked Since Feb 18, 2026