CVE-2025-66033
📋 TL;DR
The Okta Java Management SDK versions 21.0.0 through 24.0.0 have a memory management vulnerability in multithreaded implementations where threads are not properly cleaned up after requests. This can cause performance degradation and potential denial-of-service in long-running applications under sustained load. Only applications using the affected SDK versions in multithreaded, long-running contexts are impacted.
💻 Affected Systems
- Okta Java Management SDK
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Application becomes unresponsive due to memory exhaustion, causing complete denial-of-service for all users.
Likely Case
Gradual performance degradation over time requiring application restarts to maintain functionality.
If Mitigated
Minor performance impact with no service disruption if proper monitoring and restart procedures are in place.
🎯 Exploit Status
Exploitation requires sustained legitimate traffic to trigger the memory issue, not a traditional security exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.0.1
Vendor Advisory: https://github.com/okta/okta-sdk-java/security/advisories/GHSA-qhr6-6cgv-6638
Restart Required: Yes
Instructions:
1. Update Maven/Gradle dependency to okta-sdk-java version 24.0.1 or later. 2. Rebuild your application. 3. Redeploy the updated application. 4. Restart the application service.
🔧 Temporary Workarounds
Implement application restart schedule
allSchedule regular application restarts to clear accumulated memory before degradation becomes critical
# Example cron job for daily restart
0 2 * * * systemctl restart your-application.service
Implement memory monitoring and alerts
allSet up monitoring for memory usage and thread counts with alerting thresholds
# Example monitoring configuration
# Monitor JVM heap usage and thread count
# Alert when >80% heap usage or thread count > baseline + 50%
🧯 If You Can't Patch
- Implement aggressive memory monitoring with automated restart triggers when thresholds are exceeded
- Reduce application load or implement rate limiting to minimize thread creation frequency
🔍 How to Verify
Check if Vulnerable:
Check your project's dependency file (pom.xml or build.gradle) for okta-sdk-java version between 21.0.0 and 24.0.0 inclusiveCheck Version:
grep -i 'okta-sdk-java' pom.xml build.gradle || mvn dependency:tree | grep okta-sdk-javaVerify Fix Applied:
Verify okta-sdk-java version is 24.0.1 or later in your dependency file and rebuilt application📡 Detection & Monitoring
Log Indicators:
- Increasing JVM memory usage over time without corresponding load increase
- Frequent garbage collection events
- OutOfMemoryError exceptions
- Increasing thread count without corresponding decrease
Network Indicators:
- Gradually increasing response times for API calls
- Timeout errors under sustained load
SIEM Query:
source="application.logs" ("OutOfMemoryError" OR "java.lang.OutOfMemoryError" OR "GC overhead limit exceeded") AND "okta"