Thread Exhaustion Vulnerability in PingFederate Google Adapter by Ping Identity
CVE-2025-22854

6.9MEDIUM

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 15 June 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2025-22854?

The PingFederate Google Adapter has a vulnerability related to improper handling of non-200 HTTP responses, which can result in thread exhaustion during normal operation. This issue could disrupt services and affect the performance of applications utilizing the adapter. Organizations should review their implementation of the PingFederate Google Adapter to ensure they are not impacted by this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PingFederate Windows 1.0.1 < 1.5.2

References

https://www.pingidentity.com/en/resources/downloads/pingf...

patch

https://docs.pingidentity.com/integrations/google/google_...

release-notes

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jun 15, 2025
Vulnerability Reserved
Jan 13, 2025

JSON

Ping Identity