CVE-2025-66033

Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

CVSS v3.1 Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-401 CWE-401

Affected Products

Vendor	Product	Versions
okta	java_management_sdk	21.0.0 — 24.0.1

References

Advisories & Patches

https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638

Frequently Asked Questions

What is CVE-2025-66033? +

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1. It has a CVSS v3.1 base score of 5.3 (MEDIUM).

How severe is CVE-2025-66033? +

CVE-2025-66033 has a CVSS v3.1 score of 5.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-66033? +

CVE-2025-66033 affects products from okta, specifically: java_management_sdk. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-66033? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, …

CVE-2024-25450 8.8

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().

CVE-2025-20133 8.6

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall …

CVE-2025-20239 8.6

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall …

CVE-2024-20304 8.6

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote …

CVE-2025-29828 8.1

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a …