PT-2025-47323 · Eclipse+1 · Eclipse Jersey+1

Dimitri Tenenbaum · Published 2025-11-18 · Updated 2026-05-21 · CVE-2025-12383

CVSS v4.0: 9.4 Critical

Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions: Eclipse Jersey versions 2.45, 3.0.16, 3.1.9

Description: A race condition in Eclipse Jersey's SSL configuration processing can cause critical SSL settings, including mutual authentication and custom key/trust stores, to be ignored. This may result in SSLHandshakeException errors but, under certain conditions, could allow unauthorized trust in insecure servers.

Recommendations: Update Eclipse Jersey to a version that addresses this race condition.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-AO61361
CLEANSTART-2026-IA43044
CLEANSTART-2026-LO22603
CLEANSTART-2026-LZ76508
CVE-2025-12383
GHSA-7P63-W6X9-6GR7

Affected Products

Bamboo
Eclipse Jersey