CVE-2025-12383 CRITICAL

CVE-2025-12383: Race Condition allows Bypass of Trust Restrictions

Vendor Eclipse Foundation
Product Jersey
Weakness CWE-362
Published November 18, 2025
Last update November 18, 2025

CVSS base score

9.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

What the vulnerability does

01 Description

In Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC).

Key dates

02 Disclosure timeline

November 18, 2025 CVE published
November 18, 2025 Record updated