OneLogin | Breaking Cybersecurity News | The Hacker News

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect ( OIDC ) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363 , has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of incorrect resource transfer between spheres ( CWE-669 ), which causes a program to cross security boundaries and obtain unauthorized access to confidential data or functions. CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC applications within an organization's OneLogin tenant," Clutch Security said in a report shared with The Hacker News. The identity security said the problem stems from the fact that the application listing endpoint – /api/2/apps – was configured to return more data than expected, including the ...

Do you use OneLogin password manager ? If yes, then immediately change all your account passwords right now. OneLogin, the cloud-based password management and identity management software company, has admitted that the company has suffered a data breach. The company announced on Thursday that it had "detected unauthorised access" in its United States data region. Although the company did not provide many details about the nature of the cyber attack, the statement released by the firm suggest that the data breach is extensive. What Happened? OneLogin, which aims at offering a service that "secures connections across all users, all devices, and every application," has not yet revealed potential weaknesses in its service that may have exposed its users' data in the first place. "Today We detected unauthorised access to OneLogin data in our US data region," OneLogin chief information security officer Alvaro Hoyos said in a brief blog post-Wednes...