Eclipse Jersey 2.45/3.0.16/3.1.9 Race Cond Ignoring SSL Configs
CVE-2025-12383 Published on November 18, 2025
Race Condition allows Bypass of Trust Restrictions
In Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC).
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2025-12383 has been classified as a Race Condition vulnerability or weakness.
Products Associated with CVE-2025-12383
Affected Versions
Eclipse Foundation Jersey:
- Version 2.45 is affected.
- Version 3.0.16 is affected.
- Version 3.1.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.