{"id":"CVE-2025-12383","details":"In Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, a race condition can cause critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings - to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC).","aliases":["GHSA-7p63-w6x9-6gr7"],"modified":"2026-03-09T23:51:24.741187Z","published":"2025-11-18T16:15:42.867Z","related":["CGA-g3gr-35q9-qvp3","CGA-w32q-fcgj-fg3w"],"references":[{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/74"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/jersey","events":[{"introduced":"0"},{"last_affected":"b44f4f9a71762a85a8295f91c5fb4c7cf9c04fce"},{"introduced":"0"},{"last_affected":"4f3150c7b77c06f24b737ab7d2941107a0049ec2"},{"introduced":"0"},{"last_affected":"f35691f4e4f1e6440ba2d384de798c4efdb2f932"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.45"},{"introduced":"0"},{"last_affected":"3.0.16"},{"introduced":"0"},{"last_affected":"3.1.9"}]}}],"versions":["2.29","2.31","2.32","2.33","2.34","2.35","2.36","2.37","2.38","2.39","2.39.1","2.40","2.41","2.42","2.43","2.44","2.45","initial_contribution"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}