CVE-2025-34064

N/A Unknown

Published: July 01, 2025 Modified: April 15, 2026

Description

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/

Source: disclosure@vulncheck.com

https://support.onelogin.com/product-notification/noti-00001768

Source: disclosure@vulncheck.com

https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise

Source: disclosure@vulncheck.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.4%

58th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200 CWE-668

Related CVEs

CVE-2026-42615 7.2

CVE-2026-23773 4.3

CVE-2026-40560 N/A

CVE-2026-7363 N/A

CVE-2026-7361 N/A