CVE-2025-67505

8.4 HIGH

Published: December 10, 2025 Modified: December 12, 2025

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243

Source: security-advisories@github.com

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff

Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

8.4 / 10.0

EPSS (Exploit Probability)

0.0%

13th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-362

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3