CVE-2025-67505

high

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

References

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff

https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243

Details

Source: Mitre, NVD

Published: 2025-12-10

Updated: 2026-03-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 8.4

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Severity: High

EPSS

EPSS: 0.00037