Description

In One Identity OneLogin before 2025.3.0, a GET request to the Apps API v2 returns the OIDC client secret, even though this secret should only be returned when an App is first created.

PUBLISHED Reserved 2025-09-14 | Published 2025-09-14 | Updated 2025-09-15 | Assigner mitre




HIGH: 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-669 Incorrect Resource Transfer Between Spheres

Product status

Default status: unaffected

Any version before 2025.3.0: affected

References

onelogin.service-now.com/...a0d76d70db185340d5505eea4b96199f

cve.org (CVE-2025-59363)

nvd.nist.gov (CVE-2025-59363)
