CVE-2025-21085

PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.

CVSS

No CVSS.

References

Link	Resource
https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL
https://www.pingidentity.com/en/resources/downloads/pingfederate.html

Configurations

No configuration.

History

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) La duplicación de concesiones OAuth2 de PingFederate en el almacenamiento persistente de PostgreSQL permite que las solicitudes OAuth2 utilicen una memoria excesiva.

15 Jun 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-15 15:15

Updated : 2025-06-16 12:32

NVD link : CVE-2025-21085

Mitre link : CVE-2025-21085

CVE.ORG link : CVE-2025-21085

JSON object : View

Products Affected

No product.

CWE

CWE-462

Duplicate Key in Associative List (Alist)

{"id": "CVE-2025-21085", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2.1, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:X/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-15T15:15:18.330", "references": [{"url": "https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL", "source": "responsible-disclosure@pingidentity.com"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", "source": "responsible-disclosure@pingidentity.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "description": [{"lang": "en", "value": "CWE-462"}]}], "descriptions": [{"lang": "en", "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."}, {"lang": "es", "value": "La duplicaci\u00f3n de concesiones OAuth2 de PingFederate en el almacenamiento persistente de PostgreSQL permite que las solicitudes OAuth2 utilicen una memoria excesiva."}], "lastModified": "2025-06-16T12:32:18.840", "sourceIdentifier": "responsible-disclosure@pingidentity.com"}

CVE-2025-21085

JSON object

Attach tags to CVE-2025-21085

Attach tags to `CVE-2025-21085`