Thread Exhaustion Vulnerability in PingFederate Google Adapter by Ping Identity
CVE-2025-22854

6.9MEDIUM

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 15 June 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2025-22854?

The PingFederate Google Adapter has a vulnerability related to improper handling of non-200 HTTP responses, which can result in thread exhaustion during normal operation. This issue could disrupt services and affect the performance of applications utilizing the adapter. Organizations should review their implementation of the PingFederate Google Adapter to ensure they are not impacted by this vulnerability.

Affected Version(s)

PingFederate Windows 1.0.1 < 1.5.2

References

https://www.pingidentity.com/en/resources/downloads/pingf...

patch

https://docs.pingidentity.com/integrations/google/google_...

release-notes

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2025
Vulnerability Reserved
Jan 13, 2025