CVE-2025-67505
BaseFortify
Publication date: 2025-12-10
Last updated on: 2026-03-06
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| okta | java_management_sdk | From 11.0.0 (inc) to 20.0.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Okta Java Management SDK versions 11.0.0 through 20.0.0. It involves race conditions caused by concurrent requests using the ApiClient class. Due to these race conditions, the status code or response header from one request's response may incorrectly influence another request's response. This issue was fixed in version 20.0.1.
How can this vulnerability impact me?
The vulnerability can cause incorrect or misleading responses when multiple requests are made concurrently using the ApiClient class. This may lead to data integrity issues, incorrect application behavior, or security risks due to responses being mixed or corrupted between requests.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Okta Java Management SDK to version 20.0.1 or later, as this version contains the fix for the race condition issue.
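The failure mode described in the Q&A above, shown as an added illustration that is not code from the Okta SDK and does not reproduce the real `ApiClient` internals or the 20.0.1 fix: a hypothetical client that parks the latest response's status code and a header in fields shared by every caller, next to a client that hands each call its own immutable response object. The transport is a constructed stand-in (the "server" echoes the request id in a header and returns 200 for even ids, 201 for odd ids), and the `record` syntax assumes Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.atomic.AtomicInteger;

/** Hypothetical client (NOT Okta's ApiClient): the latest response's status code
 *  and a header live in instance fields shared by all callers (CWE-362 pattern). */
final class SharedStateClient {
    private volatile int lastStatusCode;
    private volatile String lastRequestIdHeader;

    /** Constructed stand-in for an HTTP round trip. Returns the status the caller
     *  observed, or -1 when the read-back header belongs to another request. */
    int call(int requestId) throws InterruptedException {
        lastStatusCode = 200 + (requestId % 2);      // "transport" writes shared fields
        lastRequestIdHeader = "req-" + requestId;
        Thread.sleep(1);                              // widen the write/read-back window
        // A concurrent call may have overwritten both fields by now.
        return ("req-" + requestId).equals(lastRequestIdHeader) ? lastStatusCode : -1;
    }
}

/** Same constructed transport, but every call returns its own immutable response. */
final class PerCallResponseClient {
    record Response(int statusCode, String requestIdHeader) {}

    Response call(int requestId) throws InterruptedException {
        int status = 200 + (requestId % 2);
        String header = "req-" + requestId;
        Thread.sleep(1);
        return new Response(status, header);          // nothing shared between callers
    }
}

public final class ResponseRaceDemo {
    /** Fires concurrent calls and counts how many observed another request's metadata. */
    static int countMixUps(int threads, int callsPerThread, boolean useSharedState) throws Exception {
        SharedStateClient racy = new SharedStateClient();
        PerCallResponseClient safe = new PerCallResponseClient();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        AtomicInteger mixUps = new AtomicInteger();
        List<Future<?>> futures = new ArrayList<>();
        for (int t = 0; t < threads; t++) {
            final int base = t * callsPerThread;      // distinct ids per thread
            futures.add(pool.submit((Callable<Void>) () -> {
                for (int i = 0; i < callsPerThread; i++) {
                    int id = base + i;
                    if (useSharedState) {
                        if (racy.call(id) == -1) mixUps.incrementAndGet();
                    } else {
                        PerCallResponseClient.Response r = safe.call(id);
                        if (!r.requestIdHeader().equals("req-" + id)
                                || r.statusCode() != 200 + (id % 2)) {
                            mixUps.incrementAndGet();
                        }
                    }
                }
                return null;
            }));
        }
        for (Future<?> f : futures) f.get();          // propagate any worker exception
        pool.shutdown();
        return mixUps.get();
    }

    public static void main(String[] args) throws Exception {
        int racy = countMixUps(8, 200, true);
        int fixed = countMixUps(8, 200, false);
        System.out.println("shared-state client mix-ups:      " + racy + " (non-zero on most runs)");
        System.out.println("per-call response client mix-ups: " + fixed + " (always 0)");
    }
}
```

Save as `ResponseRaceDemo.java`, compile with `javac` and run with `java ResponseRaceDemo`. The per-call variant is the regression check a team would keep: a concurrency test asserting `countMixUps(8, 200, false) == 0` fails the moment someone reintroduces client-wide response fields, whereas the shared-state count is non-deterministic and is printed rather than asserted. In a real SDK the same review question applies to any field on a shared client instance that is written during a request and read after it.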