PostgreSQL Memory Utilization Issue in PingFederate OAuth2 Implementation
CVE-2025-21085

2.1 LOW

Key Information:

Vendor
CVE Published:
15 June 2025

What is CVE-2025-21085?

A vulnerability exists in PingFederate's handling of OAuth2 grants when PostgreSQL is used as the persistent storage backend. An attacker can send OAuth2 requests that cause excessive memory usage on the PingFederate server. Left unaddressed, this can severely degrade application performance and availability. Mitigation consists of applying the latest patches and monitoring server resource consumption.

Affected Version(s)

  • PingFederate Windows 12.2.0 < 12.2.4

  • PingFederate Windows 12.1.0 < 12.1.9

  • PingFederate Windows 12.0 < 12.0.9

References

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
