SCA: security update for com.okta.sdk:okta-sdk-root (GHSA-qhr6-6cgv-6638)

medium Tenable Cloud Security Plugin ID 436351

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through
24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly
cleaned up after requests are completed. Over time, this can degrade performance and availability in long-
running applications and may result in a denial-of-service condition under sustained load. In addition to
using the affected versions, users may be at risk if they are implementing a long-running application
using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1. (CVE-2025-66033)

See Also

https://github.com/advisories/GHSA-qhr6-6cgv-6638

Plugin Details

Severity: Medium

ID: 436351

Version: Revision 1.15

Type: Local

Family: SCA Checks

Published: 12/11/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.73

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2025-66033

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2025

Vulnerability Publication Date: 12/10/2025

Reference Information

CVE: CVE-2025-66033

cwe: CWE-401