
One Identity security patch release for CVE-2025-59363

Security Patch Release
1 unique sources, 1 articles

Summary


OneLogin 2025.3.0 shipped a security fix that hid OIDC client_secret values, closing a flaw that could expose secrets for applications in a tenant. The update mattered because the issue could let attackers with valid API credentials retrieve secrets and impersonate integrated applications. The release followed responsible disclosure on July 18, 2025.

Related Happenings

Cisco security patch release for CVE-2026-20184

Security Patch Release
First: 16.04.2026 14:27 Last: 16.04.2026 14:27 Sources 1

About this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...

Citrix security patch release for CVE-2026-3055

Security Patch Release
First: 24.03.2026 07:59 Last: 24.03.2026 07:59 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...

Oracle security patch release for CVE-2026-21992

Security Patch Release
First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

ConnectWise security patch release for CVE-2026-3564

Security Patch Release
First: 18.03.2026 20:10 Last: 18.03.2026 20:10 Sources 1

About this happening: ConnectWise released **ScreenConnect 26.1** to harden **machine key** handling after disclosing **CVE-2026-3564**, a flaw that can enable **unauthorized access** and **privilege e...

Elementor Ally 4.1.0 security patch release (CVE-2026-2313)

Security Patch Release
First: 11.03.2026 21:38 Last: 11.03.2026 21:38 Sources 1

About this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...

Timeline

  1. 01.10.2025 16:27 2 articles · 7mo ago

    OneLogin 2025.3.0 hides OIDC client secrets

    Mitigation Patch Update

    Following responsible disclosure on July 18, 2025, OneLogin addressed CVE-2025-59363 in OneLogin 2025.3.0 by making OIDC client_secret values no longer visible. The flaw, in the /api/2/apps endpoint, had allowed attackers with valid API credentials to enumerate and retrieve tenant-wide OIDC client secrets; it carries a CVSS score of 7.7 out of 10.0.
