SecuriTricks - CVE-2025-67505

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Product(s) Impacted

Vendor	Product	Versions
Okta	Java Management Sdk	11.0.0-20.0.0, 20.0.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	okta	java_management_sdk	11.0.0-20.0.0	/	/	/	/	/	/	/
a	okta	java_management_sdk	20.0.1	/	/	/	/	/	/	/

References

https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff

CVSS Score

8.4 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

View Vector String

Timeline

Published: Dec. 10, 2025, 11:15 p.m.
Last Modified: Dec. 10, 2025, 11:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2025-67505