CVE Vulnerabilities

CVE-2025-21085

Duplicate Key in Associative List (Alist)

Published: Jun 15, 2025 | Modified: Jun 15, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-21085
CWE	https://cwe.mitre.org/data/definitions/462.html

PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.

Weakness

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Potential Mitigations

References

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.