Join us at the legendary Security Wasteland party at Black Hat on August 6th
Register
Products
Government
Resources
Community
Company
Partners
Sign In / Join
Sign In
Advisories
One Identity OneLogin AD Connector Credential Exposure Cross-Tenant Account Compromise
Go Back
severity
critical
date
June 30, 2025
Affecting
OneLogin < 6.1.5
CVE
CVE-2025-34062
CVE-2025-34063
CVE-2025-34064
CVE type
Exposure of Resource to Wrong Sphere,Insufficiently Protected Credentials,Authentication Bypass by Spoofing
CVSS
10
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
References
Vendor Advisory
Researcher Disclosure
Credit
SpecterOps