One Identity OneLogin AD Connector Credential Exposure Cross-Tenant Account Compromise | Advisories

Go back

One Identity OneLogin AD Connector Credential Exposure Cross-Tenant Account Compromise

severity: critical
date: June 30, 2025
Affecting: OneLogin < 6.1.5
CVE: CVE-2025-34062, CVE-2025-34063, CVE-2025-34064
CVE type: Exposure of Resource to Wrong Sphere,Insufficiently Protected Credentials,Authentication Bypass by Spoofing
CVSS: 10
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
References: Vendor Advisory
Researcher Disclosure
Credit: SpecterOps