CVE-2025-21085

🗓️ 15 Jun 2025 14:25:39Reported by Ping IdentityType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 37 Views

PingFederate OAuth2 grant duplication may lead to excessive memory usage in PostgreSQL storage.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-21085	15 Jun 202515:39	–	circl
CNNVD	Ping Identity PingFederate 安全漏洞	15 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-21085 PingFederate OAuth Grant attribute duplication may use excessive memory	15 Jun 202514:25	–	cvelist
EUVD	EUVD-2025-18342	3 Oct 202520:07	–	euvd
NVD	CVE-2025-21085	15 Jun 202515:15	–	nvd
Positive Technologies	PT-2025-25497 · Ping Identity · Pingfederate	15 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-21085	17 Jun 202515:20	–	redhatcve
Vulnrichment	CVE-2025-21085 PingFederate OAuth Grant attribute duplication may use excessive memory	15 Jun 202514:25	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "PostgreSQL"
    ],
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "PingFederate",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "12.2.4",
        "status": "affected",
        "version": "12.2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.1.9",
        "status": "affected",
        "version": "12.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "12.0.9",
        "status": "affected",
        "version": "12.0",
        "versionType": "custom"
      },
      {
        "lessThan": "11.3.13",
        "status": "affected",
        "version": "11.3.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
support	www.support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL
pingidentity	www.pingidentity.com/en/resources/downloads/pingfederate.html

17 Jun 2026 08:42Current

6.5Medium risk

Vulners AI Score6.5

CVSS 42.1

EPSS0.00282

SSVC

CWE-462