CVE-2025-66033

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-66033

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-66033.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-66033

Aliases

GHSA-qhr6-6cgv-6638

Published

2025-12-10T21:46:13.102Z

Modified

2025-12-11T19:49:55.848795Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Memory Cleanup in the Okta Java SDK

Details

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-401"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66033.json"
}

References

Affected packages

Git / github.com/okta/okta-sdk-java

Affected ranges

Type

GIT

Repo

https://github.com/okta/okta-sdk-java

Events

Introduced

09fc695b57262b9b9cd667f00c51f03cba0ae029

Fixed

c103c1340e673d1f534243d25f37f63a4cd9065f

Database specific

{
    "versions": [
        {
            "introduced": "21.0.0"
        },
        {
            "fixed": "24.0.1"
        }
    ]
}