Description
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)
INFO
Published Date :
2025-11-18T15:14:37.765Z
Last Modified :
2025-11-18T21:34:35.027Z
Source :
eclipse
AFFECTED PRODUCTS
The following products are affected by CVE-2025-12383 vulnerability.
| Vendors | Products |
|---|---|
| Eclipse |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12383.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact