Unexpected Status Code or Return Value

CVE-2025-22854

Medium

6.9/10

Summary

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: PASSIVE
Privileges Required: LOW

CWE-394 - Unexpected Status Code or Return Value

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.

References

Advisory Timeline

Published Jun 15, 2025

Unexpected Status Code or Return Value

CVE-2025-22854

Summary

CWE-394 - Unexpected Status Code or Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS