CVE-2025-12383
Good to know:
Date: November 18, 2025
In Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC).
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
Top Fix
Upgrade Version
Upgrade to version:
- org.glassfish.jersey.core:jersey-client:2.46
- org.glassfish.jersey.core:jersey-client:3.0.17
- org.glassfish.jersey.core:jersey-client:3.1.10
- https://github.com/eclipse-ee4j/jersey.git - 2.46
- https://github.com/eclipse-ee4j/jersey.git - 3.0.17
- https://github.com/eclipse-ee4j/jersey.git - 3.1.10
- https://github.com/eclipse-ee4j/jersey.git - 4.0.0-M2
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | NONE |


