Information Disclosure Vulnerability in OneLogin AD Connector
CVE-2025-34062
5.7 MEDIUM
Key Information:
- Vendor: One Identity
- CVE Published: 1 July 2025
What is CVE-2025-34062?
An information disclosure vulnerability in OneLogin AD Connector allows attackers with access to a valid directory_token to extract sensitive information via the /api/adc/v4/configuration endpoint. This can lead to exposure of critical data, such as API keys, AWS IAM access and secret keys, as well as base64-encoded JWT signing keys associated with the tenant's SSO IdP configuration. The data can potentially be retrieved from host registry keys or inadequately secured logs, posing significant security concerns.
Affected Version(s)
OneLogin Active Directory Connector (ADC): all versions before 6.1.5