CVE-2025-67505

HIGH

Okta Java Management SDK 11.0.0-20.0.0 - Race Condition in ApiClient

Title source: llm

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-j5gq-897m-2rff

Patch x_refsource_misc

https://github.com/okta/okta-sdk-java/commit/abf4f128a0441f90cb7efcdcf4bde1aef8703243

View Patch ZIP pw:eip

Scores

CVSS v3 8.4

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-362

Status published

Products (2)

com.okta.sdk/okta-sdk-root 11.0.0 - 20.0.1Maven

okta/java_management_sdk 11.0.0 - 20.0.1

Published Dec 10, 2025

Tracked Since Feb 18, 2026