
OneLogin IAM OIDC client secret exposure security flaw (CVE-2025-59363)

Type: Vulnerability · Happening score: 24 · 1 unique source, 1 article

Summary


A CVE-2025-59363 flaw in One Identity OneLogin IAM could let attackers with valid API credentials retrieve OIDC client_secret values for every app in a tenant, creating risk of impersonation and lateral movement. The issue was rated CVSS 7.7/10 and centered on the /api/2/apps endpoint returning more data than expected. OneLogin 2025.3.0 fixed the exposure by making client secrets no longer visible.

Related Happenings

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
First: 12.02.2026 23:34 · Last: 12.02.2026 23:34 · Sources: 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

Timeline

  1. 01.10.2025 16:27 · 2 articles · 7 months ago

    Public technical analysis of OneLogin secret exposure

    Technical Analysis Update

    Clutch Security described CVE-2025-59363 in OneLogin IAM as a case where the /api/2/apps endpoint returned more data than expected, including client_secret values alongside application metadata; attackers with valid OneLogin API credentials could enumerate all OIDC application secrets, and OneLogin 2025.3.0 removed client_secret visibility.
