CVE-2025-67505

Published: Dec 10, 2025Modified: Mar 6, 2026

8.4

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Exploitability: 1.8 / Impact: 6.0

Source: security-advisories@github.com (Secondary)

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Affected (1)

Products: Okta: Java Management Sdk

1 product

Java Management Sdk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Okta Java Management Sdk	From 11.0.0 to 20.0.1

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243

Source: security-advisories@github.com

Patch

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.