ByteOS Network

okta-sdk-java

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-67505

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.4||HIGH

EPSS-0.05% / 14.88%

7 Day CHG~0.00%

Published-10 Dec, 2025 | 22:19

Updated-12 Dec, 2025 | 15:18

Race condition in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Vendor-okta

Product-okta-sdk-java

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2025-66033

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.06% / 18.54%

7 Day CHG+0.01%

Published-10 Dec, 2025 | 21:46

Updated-12 Dec, 2025 | 15:18

Improper Memory Cleanup in the Okta Java SDK

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

Vendor-okta

Product-okta-sdk-java

CWE ID-CWE-401

Missing Release of Memory after Effective Lifetime