CVE-2025-67505

HIGH

com.okta.sdk/okta-sdk-root < 20.0.1 - Race Condition

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Scores

CVSS v3 8.4
EPSS 0.0005
EPSS Percentile 15.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Classification

CWE CWE-362
Status published

Affected Products (2)

com.okta.sdk/okta-sdk-root < 20.0.1 (Maven)
okta/java_management_sdk < 20.0.1

Timeline

Published Dec 10, 2025
Tracked Since Feb 18, 2026