CVE-2025-67505

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-67505

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-67505.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-67505

Aliases

GHSA-j5gq-897m-2rff

Published

2025-12-10T22:19:20.694Z

Modified

2025-12-11T19:50:01.342040Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator

Summary

Race condition in the Okta Java SDK

Details

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-362"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67505.json"
}

References

Affected packages

Git / github.com/okta/okta-sdk-java

Affected ranges

Type

GIT

Repo

https://github.com/okta/okta-sdk-java

Events

Introduced

067f951ecbe03e5ca0bab8793b5f72ef9603ab1c

Fixed

ef72dbcc0f552a2f5e22ac620525416d4452aa4a

Database specific

{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "20.0.1"
        }
    ]
}