Sensitive Data Exposure in One Identity OneLogin Affected by GET Apps API v2
CVE-2025-59363

7.7 HIGH

Key Information:

Vendor: One Identity
CVE Published: 14 September 2025

What is CVE-2025-59363?

One Identity OneLogin before version 2025.3.0 returns the OIDC client secret of configured applications in responses from the GET Apps API v2. The secret is meant to be shown exactly once, when the application is created, and never returned again; on affected versions any caller holding API credentials that can read apps could retrieve it with a routine request (hence Privileges Required: Low, with Scope: Changed because the secret protects the relying application rather than the management API itself). Whoever holds an OIDC client secret can authenticate to the token endpoint as that application, so the exposure undermines the trust between OneLogin and every OIDC application whose secret was readable. Upgrading to 2025.3.0 or later stops further disclosure but does not invalidate secrets that were already read, so client secrets of OIDC applications that existed on an affected version should be rotated.
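The practical questions after reading this advisory are whether a tenant ran an affected version and whether app objects returned by the API carry a `client_secret`. The following script is an added example, not code from the advisory or from One Identity. It checks a version string against the affected range, and walks an apps response body flagging any non-empty `client_secret` field wherever it is nested, so it works on either the list response or a per-app response. The JSON sample is constructed for illustration; the exact field layout OneLogin uses is an assumption, which is why the scanner searches by key name rather than by fixed path. The `fetch_apps` helper uses the token and apps endpoint paths as documented in OneLogin's public API v2 docs at the time of writing (verify them against current docs; pagination of the apps list is ignored here) and is not exercised offline.

```python
"""Check a OneLogin version against the CVE-2025-59363 affected range and
scan an apps API response for leaked OIDC client secrets.
Added example; the sample response below is constructed, not captured."""
from __future__ import annotations

import base64
import json
import urllib.request
from typing import Any, Iterator

# Fixed in 2025.3.0; every earlier version is affected.
AFFECTED_BELOW = (2025, 3, 0)

# Keys whose presence with a non-empty string value indicates the leak.
SECRET_KEYS = {"client_secret"}

# Constructed sample shaped like an apps listing (array of app objects).
# Assumption: a leaked secret appears under a key named "client_secret";
# its nesting does not matter to the walker below.
SAMPLE_RESPONSE = json.dumps([
    {"id": 101, "name": "Payroll (OIDC)",
     "sso": {"client_id": "abc123", "client_secret": "s3cr3t-should-not-be-here"}},
    {"id": 102, "name": "Wiki (SAML)",
     "sso": {"metadata_url": "https://idp.example.test/metadata"}},
    {"id": 103, "name": "Patched app (OIDC)",
     "sso": {"client_id": "def456", "client_secret": None}},
])


def is_vulnerable_version(version: str) -> bool:
    """True when a YEAR.MINOR[.PATCH] version string is below 2025.3.0."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (3 - len(parts))  # "2025.3" compares as 2025.3.0
    return parts < AFFECTED_BELOW


def redact(value: str) -> str:
    """Keep two characters at each end so a finding can be matched to a
    rotated secret without writing the secret itself to a report."""
    return f"{value[:2]}...{value[-2:]}" if len(value) > 8 else "***"


def walk(node: Any, path: str = "") -> Iterator[tuple[str, Any]]:
    """Yield (dotted_path, leaf_value) for every leaf in nested JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node


def find_exposed_secrets(apps: list[dict]) -> list[dict]:
    """Return one finding per app object that carries a non-empty secret."""
    findings = []
    for app in apps:
        for path, value in walk(app):
            leaf = path.rsplit(".", 1)[-1]
            if leaf in SECRET_KEYS and isinstance(value, str) and value:
                findings.append({
                    "app_id": app.get("id"),
                    "app_name": app.get("name"),
                    "path": path,
                    "redacted": redact(value),
                })
    return findings


def scan_sample() -> list[dict]:
    """Run the scanner over the constructed sample response."""
    return find_exposed_secrets(json.loads(SAMPLE_RESPONSE))


def fetch_apps(subdomain: str, api_client_id: str, api_client_secret: str) -> list[dict]:
    """Live variant: client_credentials token, then list apps.
    Endpoint paths per OneLogin's public API v2 docs; verify before use."""
    base = f"https://{subdomain}.onelogin.com"
    basic = base64.b64encode(f"{api_client_id}:{api_client_secret}".encode()).decode()
    req = urllib.request.Request(
        f"{base}/auth/oauth2/v2/token",
        data=json.dumps({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": f"Basic {basic}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    req = urllib.request.Request(f"{base}/api/2/apps",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print("2025.2.9 affected:", is_vulnerable_version("2025.2.9"))
    for f in scan_sample():
        print(f"app {f['app_id']} ({f['app_name']}): secret at {f['path']} = {f['redacted']}")
```

Any finding means the corresponding application's secret has to be treated as compromised and rotated, regardless of whether the instance has since been upgraded; the report deliberately stores only the redacted form.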

Affected Version(s)

OneLogin, all versions before 2025.3.0

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability reserved
  • Vulnerability published: 14 September 2025