A critical security flaw (CVE-2025-20059) has been identified in supported versions of Ping Identity’s PingAM Java Agent, potentially enabling attackers to bypass policy enforcement and access protected resources.
The vulnerability—classified as a Relative Path Traversal (CWE-23) weakness—affects all PingAM Java Agent deployments integrated with PingOne Advanced Identity Cloud, prompting urgent calls for remediation.
https://gbhackers.com/pingam-java-agent-vulnerability/