CVE-2025-21085

Summary

PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingFederate12.2.0 < 12.2.4affected
Ping IdentityPingFederate12.1.0 < 12.1.9affected
Ping IdentityPingFederate12.0 < 12.0.9affected
Ping IdentityPingFederate11.3.0 < 11.3.13affected

Weaknesses

  • CWE-462: CWE-462 Duplicate Key in Associative List

Workarounds

Configuration options to mitigate:

  • Minimum Interval to Roll Refresh Tokens
  • Refresh Token Rolling Grace Period (Seconds)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References