PostgreSQL Memory Utilization Issue in PingFederate OAuth2 Implementation
CVE-2025-21085
2.1 LOW
What is CVE-2025-21085?
A vulnerability exists in PingFederate’s implementation of OAuth2 grant handling when using PostgreSQL as a persistent storage solution. This flaw allows attackers to exploit OAuth2 requests, leading to excessive memory usage on the server. If left unaddressed, this could severely impact application performance and availability. Mitigation strategies include applying the latest patches and monitoring system resources effectively.

Affected Version(s)
PingFederate Windows 12.2.0 < 12.2.4
PingFederate Windows 12.1.0 < 12.1.9
PingFederate Windows 12.0 < 12.0.9
References
CVSS V4
Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
