{"id":"CVE-2025-12383","summary":"Race Condition allows Bypass of Trust Restrictions","details":"In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings - to be ignored. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC).","aliases":["GHSA-7p63-w6x9-6gr7"],"modified":"2026-05-18T05:56:13.576148231Z","published":"2025-11-18T15:14:37.765Z","related":["CGA-g3gr-35q9-qvp3","CGA-w32q-fcgj-fg3w"],"database_specific":{"cwe_ids":["CWE-362"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12383.json","cna_assigner":"eclipse"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/12xxx/CVE-2025-12383.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12383"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignment/-/issues/74"},{"type":"PACKAGE","url":"https://github.com/eclipse-ee4j/jersey"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/jersey","events":[{"introduced":"0"},{"last_affected":"b44f4f9a71762a85a8295f91c5fb4c7cf9c04fce"},{"last_affected":"4f3150c7b77c06f24b737ab7d2941107a0049ec2"},{"last_affected":"f35691f4e4f1e6440ba2d384de798c4efdb2f932"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.45"},{"last_affected":"3.0.16"},{"last_affected":"3.1.9"}],"source":"AFFECTED_FIELD"}}],"versions":["3.1.9","3.0.16","2.45","initial_contribution"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-12383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"}]}