CVE-2025-67505

HIGH

com.okta.sdk okta-sdk-root < 20.0.1 - Race Condition

Title source: rule

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Scores

CVSS v3 8.4
EPSS 0.0006
EPSS Percentile 20.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-362
Status published
Products (2)
com.okta.sdk/okta-sdk-root 11.0.0 - 20.0.1 (Maven)
okta/java_management_sdk 11.0.0 - 20.0.1
Published Dec 10, 2025
Tracked Since Feb 18, 2026