exploitDog

CVE-2025-12383

Опубликовано: 18 нояб. 2025

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain conditions, it could lead to unauthorized trust in insecure servers (see PoC)

Ссылки

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eclipse:jersey:2.45:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jersey:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jersey:3.1.9:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

7.4 High

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-7p63-w6x9-6gr7

github

3 месяца назад

Eclipse Jersey has a Race Condition

EPSS

Процентиль: 18%

0.00057

Низкий

7.4 High

CVSS3

Дефекты

CWE-362