com.microsoft.azure:msal4j is affected by https://www.cve.org/CVERecord?id=CVE-2025-53864 via its com.nimbusds.oauth2-oidc-sdk dependency.

The CVE was fixed in https://central.sonatype.com/artifact/com.nimbusds/nimbus-jose-jwt/10.0.2
https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

The minimum version of the Nimbus OAuth SDK that picks up the fixed version is https://central.sonatype.com/artifact/com.nimbusds/oauth2-oidc-sdk/11.23.1