CVE-2025-66033
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-66033, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2026-03-06

Assigner: GitHub, Inc.

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2026-03-06
Generated
2026-07-06
AI Q&A
2025-12-11
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
okta java_management_sdk From 21.0.0 (inc) to 24.0.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Okta Java Management SDK versions 21.0.0 through 24.0.0, where certain multithreaded implementations do not properly clean up threads after requests complete. This leads to memory issues over time, especially in long-running applications using the ApiClient in a multi-threaded manner. The improper thread cleanup can degrade performance and availability, potentially causing a denial-of-service condition under sustained load. The issue is fixed in version 24.0.1.

Impact Analysis

The vulnerability can cause memory issues in applications using the affected Okta Java Management SDK versions in a multi-threaded way. Over time, this can degrade application performance and availability, and under sustained load, it may lead to a denial-of-service condition, making the application unresponsive or unavailable.

Mitigation Strategies

Upgrade the Okta Java Management SDK to version 24.0.1 or later, as this version fixes the memory cleanup issue in multithreaded implementations. Additionally, review your application's use of the ApiClient in multithreaded contexts to ensure it aligns with best practices and avoid long-running threads that may cause memory degradation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66033. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart