CVE-2025-66033

Published: Dec 10, 2025

Modified: Dec 11, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

Vendor	Product	Versions
okta	okta-sdk-java	affected `>= 21.0.0, < 24.0.1`

Weaknesses (CWE)

CWE-401

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638

x_refsource_CONFIRM

https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-66033

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References