OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

Security Aid October 1, 2025

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances.
The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case ofA high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances.
The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of The Hacker NewsRead More

About The Author

Security Aid

See author's posts

Security Aid

Related Stories

Broadcom Issues Patches for VMware NSX and vCenter Security Flaws

GOP senator confirms pending White House quantum push, touts legislative alternatives

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks