CVE-2025-66033
BaseFortify
Publication date: 2025-12-10
Last updated on: 2026-03-06
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| okta | java_management_sdk | From 21.0.0 (inc) to 24.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Okta Java Management SDK versions 21.0.0 through 24.0.0, where certain multithreaded implementations do not properly clean up threads after requests complete. This leads to memory issues over time, especially in long-running applications using the ApiClient in a multi-threaded manner. The improper thread cleanup can degrade performance and availability, potentially causing a denial-of-service condition under sustained load. The issue is fixed in version 24.0.1.
How can this vulnerability impact me?
The vulnerability can cause memory issues in applications using the affected Okta Java Management SDK versions in a multi-threaded way. Over time, this can degrade application performance and availability, and under sustained load, it may lead to a denial-of-service condition, making the application unresponsive or unavailable.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Okta Java Management SDK to version 24.0.1 or later, as this version fixes the thread cleanup issue in multithreaded implementations. Additionally, review how your application uses the ApiClient from multiple threads to ensure it follows the SDK's recommended practices, and avoid leaving worker threads alive after requests complete, since those lingering threads are what cause the memory degradation.
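The defect class described in the answers above (worker threads left alive after requests complete, so memory pinned by those threads is never released) can be reproduced and detected in a few lines of plain Java. The following is an added example that is not Okta SDK code and does not show how the SDK's ApiClient is implemented: `LeakyClient`, `FixedClient`, the request paths and the pool sizes are all constructed for illustration. It contrasts a per-request executor that is never shut down with a shared executor released on `close()`, and uses the JVM's `ThreadMXBean` live-thread count as the kind of indicator an operator can watch in monitoring to spot this class of leak in a long-running service.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

/**
 * Illustrates the CWE-401 style defect described above with hypothetical clients.
 * Not Okta SDK code; the classes, pool sizes and request paths are constructed.
 */
public class ThreadCleanupDemo {

    /** Leaky pattern: a fresh thread pool per request that is never shut down. */
    static final class LeakyClient {
        String fetch(String path) throws Exception {
            // ThreadPoolExecutor has no finalizer/cleaner: its non-daemon worker
            // thread idles forever unless shutdown() is called.
            ExecutorService perRequest = Executors.newFixedThreadPool(1);
            Future<String> result = perRequest.submit(() -> "response for " + path);
            return result.get();
            // Missing: perRequest.shutdown(); -> one leaked thread per request.
        }
    }

    /** Fixed pattern: one bounded shared pool, released when the client is closed. */
    static final class FixedClient implements AutoCloseable {
        private final ExecutorService shared = Executors.newFixedThreadPool(4);

        String fetch(String path) throws Exception {
            Future<String> result = shared.submit(() -> "response for " + path);
            return result.get();
        }

        @Override
        public void close() throws InterruptedException {
            shared.shutdown();                       // stop accepting work
            if (!shared.awaitTermination(5, TimeUnit.SECONDS)) {
                shared.shutdownNow();                // interrupt stragglers
            }
        }
    }

    /** Live JVM thread count; a steadily rising value under steady load is a leak signal. */
    static int liveThreads() {
        ThreadMXBean threads = ManagementFactory.getThreadMXBean();
        return threads.getThreadCount();
    }

    public static void main(String[] args) throws Exception {
        int requests = 50;                           // constructed load for the demo

        int before = liveThreads();
        LeakyClient leaky = new LeakyClient();
        for (int i = 0; i < requests; i++) {
            leaky.fetch("/api/v1/users/" + i);       // constructed path
        }
        int afterLeaky = liveThreads();
        System.out.printf("leaky: threads before=%d after=%d (grew by %d)%n",
                before, afterLeaky, afterLeaky - before);

        before = liveThreads();
        try (FixedClient fixed = new FixedClient()) {
            for (int i = 0; i < requests; i++) {
                fixed.fetch("/api/v1/users/" + i);
            }
            System.out.printf("fixed: threads during=%d (bounded by pool size)%n",
                    liveThreads());
        }
        System.out.printf("fixed: threads after close=%d (back near %d)%n",
                liveThreads(), before);

        // The leaked pool threads are non-daemon, so without this the JVM would
        // never exit: exactly the lingering-thread symptom the advisory describes.
        System.exit(0);
    }
}
```

Run it with `java ThreadCleanupDemo.java` (JDK 11 or later). The leaky section reports the thread count growing by roughly one per request, while the fixed section stays bounded by the pool size and drops back after `close()`. In production the same signal is available without code changes via JMX (`java.lang:type=Threading`, attribute `ThreadCount`) or a thread dump, which makes a monotonically growing thread count under constant request rate a practical detection for this class of bug and a useful check after upgrading to a fixed SDK version.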