Home > Vulnerability Database > CVE-2025-66033

Mend.io Vulnerability Database

CVE-2025-66033

Good to know:

Date: December 10, 2025

Okta Java Management SDK is facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f

Url: https://github.com/okta/okta-sdk-java

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66033

Url: https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638

Url: https://www.mend.io/vulnerability-database/CVE-2025-66033

Severity Score

5.3

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

Top Fix

Upgrade Version

Upgrade to version com.okta.sdk:okta-sdk-api:24.0.1;https://github.com/okta/okta-sdk-java.git - okta-sdk-root-24.0.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66033

Good to know:

Date: December 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?