CVE-2025-22854

Summary

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingFederate1.0.1 < 1.5.2affected

Weaknesses

  • CWE-394: CWE-394 Unexpected Status Code or Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References