CVE-2025-66033: Improper Memory Cleanup in the Okta Java SDK

December 10, 2025 (updated December 11, 2025)

In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load.

References

github.com/advisories/GHSA-qhr6-6cgv-6638
github.com/okta/okta-sdk-java
github.com/okta/okta-sdk-java/commit/1daa9229a70fc38fb252aeaa637f82d0b0729b3f
github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638
nvd.nist.gov/vuln/detail/CVE-2025-66033

Code Behaviors & Features

Detect and mitigate CVE-2025-66033 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →