Home

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

PUBLISHED Reserved 2025-10-28 | Published 2025-11-18 | Updated 2025-11-18 | Assigner eclipse




CRITICAL: 9.4CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Problem types

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

Default status
unaffected

2.45
affected

3.0.16
affected

3.1.9
affected

Credits

Dimitri Tenenbaum finder

References

gitlab.eclipse.org/security/cve-assignment/-/issues/74

cve.org (CVE-2025-12383)

nvd.nist.gov (CVE-2025-12383)

Download JSON