Browse all 15 CVE security advisories affecting Okta. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Okta provides identity and access management solutions as a core business, enabling secure authentication and authorization for enterprises. Historically, the platform has been susceptible to various vulnerability classes including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws. While the company maintains a security-first approach, it has faced notable incidents, including a 2022 breach where attackers compromised a customer support engineer's account, leading to unauthorized access to some customer data. Despite these challenges, Okta remains a widely adopted solution in the identity management space, with ongoing efforts to address security concerns and maintain its position as a critical component of organizational security infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67505 | Race condition in the Okta Java SDK — okta-sdk-java (CWE-362) | 8.4 | High | 2025-12-10 |
| CVE-2025-66033 | Improper Memory Cleanup in the Okta Java SDK — okta-sdk-java (CWE-401) | 5.3 | Medium | 2025-12-10 |
This page lists every published CVE security advisory associated with Okta. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.