VYPR
Critical severityNVD Advisory· Published Nov 18, 2025· Updated Nov 18, 2025

Race Condition allows Bypass of Trust Restrictions

CVE-2025-12383

Description

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.glassfish.jersey.core:jersey-clientMaven
>= 2.45, < 2.462.46
org.glassfish.jersey.core:jersey-clientMaven
>= 3.0.16, < 3.0.173.0.17
org.glassfish.jersey.core:jersey-clientMaven
>= 3.1.9, < 3.1.103.1.10

Affected products

145

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.