Oracle WebLogic: CVE-2025-12383 : Critical Patch Update

Severity: 7
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: Nov 18, 2025
Added: Jan 23, 2026
Modified: Jan 23, 2026

Description

In Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, a race condition can cause critical SSL configurations, such as mutual authentication, custom key/trust stores, and other security settings, to be ignored. This issue may result in an SSLHandshakeException under normal circumstances, but under certain conditions it could lead to unauthorized trust in insecure servers (see PoC).

Solutions

oracle-weblogic-jan-2026-cpu-14_1_1_0_0
oracle-weblogic-jan-2026-cpu-14_1_2_0_0
oracle-weblogic-jan-2026-cpu-15_1_1_0_0