CVE-2025-34064 CRITICAL

CVE-2025-34064: OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage

Vendor One Identity
Product OneLogin Active Directory Connector (ADC)
Weakness CWE-668
Published July 1, 2025
Last update July 1, 2025

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Attack requirements Present
Privileges required None
User interaction None
Confidentiality High
Integrity Low
Availability None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

What the vulnerability does

01 Description

A cloud infrastructure misconfiguration in the OneLogin Active Directory Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. S3 bucket names are global across all AWS accounts, so an attacker who creates a bucket with that name in their own account while the name is unclaimed begins receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
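The write pattern the description refers to, beside the control that closes it, as an added example written for this page (it is not OneLogin's connector code). The S3 API accepts an ExpectedBucketOwner request parameter on PutObject; when it is set and the bucket belongs to a different account, S3 rejects the write with HTTP 403 instead of storing the object. FakeS3 below is an in-memory stand-in for the small part of the boto3 S3 client surface the code touches (the owner argument to create_bucket exists only in the fake), and the account IDs and log payload are constructed for the example.

```python
"""
Bucket-hijack pattern behind CVE-2025-34064 and the ownership pin that
closes it. Added example, not vendor code.

S3 bucket names are global: whoever creates a bucket of a given name, in any
AWS account, receives every PutObject addressed to that name unless the
client also asserts which account must own it (ExpectedBucketOwner).
"""
from dataclasses import dataclass, field

# Bucket name from the advisory; the vulnerable client writes here unconditionally.
LOG_BUCKET = "onelogin-adc-logs-production"

# Hypothetical AWS account IDs for the example.
VENDOR_ACCOUNT = "111111111111"
ATTACKER_ACCOUNT = "999999999999"

# Constructed sample of the kind of log record the advisory describes.
SAMPLE_LOG = b'{"event":"sync","tenant":"acme","directory_token":"dt_example"}'


class ClientError(Exception):
    """Mirrors the shape of botocore's ClientError closely enough for the example."""

    def __init__(self, code, operation):
        super().__init__(f"{operation} failed: {code}")
        self.response = {"Error": {"Code": code}}


@dataclass
class FakeS3:
    """Global bucket namespace: name -> owning account; objects keyed by (bucket, key)."""

    owners: dict = field(default_factory=dict)
    objects: dict = field(default_factory=dict)

    def create_bucket(self, Bucket, owner):
        # Real S3 refuses a name that already exists in any account; first claimant wins.
        if Bucket in self.owners:
            raise ClientError("BucketAlreadyExists", "CreateBucket")
        self.owners[Bucket] = owner

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner=None):
        if Bucket not in self.owners:
            raise ClientError("NoSuchBucket", "PutObject")
        # The check the real service performs when the caller pins an owner:
        # mismatch -> 403 AccessDenied, and nothing is stored.
        if ExpectedBucketOwner is not None and self.owners[Bucket] != ExpectedBucketOwner:
            raise ClientError("AccessDenied", "PutObject")
        self.objects[(Bucket, Key)] = Body
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}

    def objects_visible_to(self, account):
        """Everything a given account can read: all objects in buckets it owns."""
        return {k: v for (b, k), v in self.objects.items() if self.owners[b] == account}


def ship_log_vulnerable(s3, key, body):
    """Pattern the advisory describes: hardcoded bucket name, no ownership validation."""
    return s3.put_object(Bucket=LOG_BUCKET, Key=key, Body=body)


def ship_log_hardened(s3, key, body, expected_owner=VENDOR_ACCOUNT):
    """Same write, but S3 is told which account must own the bucket."""
    return s3.put_object(Bucket=LOG_BUCKET, Key=key, Body=body,
                         ExpectedBucketOwner=expected_owner)


def run_scenario(hardened):
    """Attacker claims the unclaimed bucket name; return (write outcome, what they can read)."""
    s3 = FakeS3()
    s3.create_bucket(Bucket=LOG_BUCKET, owner=ATTACKER_ACCOUNT)
    ship = ship_log_hardened if hardened else ship_log_vulnerable
    try:
        ship(s3, "tenant-acme/adc.log", SAMPLE_LOG)
        outcome = "written"
    except ClientError as e:
        outcome = e.response["Error"]["Code"]
    return outcome, s3.objects_visible_to(ATTACKER_ACCOUNT)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(hardened=False))
    print("hardened:  ", run_scenario(hardened=True))
```

Both ship_log functions call put_object with keyword arguments the real boto3 client accepts, so a real `boto3.client("s3")` can be passed in place of FakeS3 unchanged; only the scenario setup (creating the bucket under a chosen owner) is specific to the fake. Pinning the owner does not prevent the attacker from claiming the name, it only guarantees that the connector stops sending data once they do, which is the property the advisory's root cause lacks.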

Key dates

02 Disclosure timeline

July 1, 2025 CVE published
July 1, 2025 Record updated