GHSA-qhr6-6cgv-6638 (CVE-2025-66033)

Details

Description

In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.

Affected product and versions

You may be affected by this vulnerability if you meet the following preconditions:

Using the Okta Java SDK between versions 21.0.0 and 24.0.0, and
Implementing a long-running application using the ApiClient in a multi-threaded manner.

Resolution

Upgrade Okta/okta-sdk-java to versions 24.0.1 or greater.

Acknowledgement

Okta would like to thank Andrew Pikler (pyckle) for their discovery and responsible disclosure.

Affected Packages

Mavencom.okta.sdk:okta-sdk-root

Fixed in:

24.0.1

References

ADVISORYhttps://github.com/advisories/GHSA-qhr6-6cgv-6638 PACKAGEhttps://github.com/okta/okta-sdk-java WEBhttps://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f WEBhttps://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-66033

GHSA-qhr6-6cgv-6638

Details

Description

Affected product and versions

Resolution

Acknowledgement

Affected Packages

References

Aliases

CVSS Analysis

Related

Ecosystems

Timeline