Race Condition in Eclipse Jersey Leading to Insecure SSL Configurations
CVE-2025-12383

9.4CRITICAL

Key Information:

Vendor: Eclipse Foundation
Status: Jersey
Vendor: CVE Published:; 18 November 2025

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2025-12383?

A race condition vulnerability in Eclipse Jersey affects versions 2.45, 3.0.16, and 3.1.9, leading to the potential bypass of critical SSL configurations. This can manifest as an SSLHandshakeException in standard scenarios. However, under specific conditions, it may inadvertently permit unauthorized trust in insecure servers, undermining the security framework designed to protect sensitive communications.

Affected Version(s)

Jersey 2.45

Jersey 3.0.16

Jersey 3.1.9

References

https://gitlab.eclipse.org/security/cve-assignment/-/issu...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

Dimitri Tenenbaum

JSON