{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T09:54:46.078","vulnerabilities":[{"cve":{"id":"CVE-2025-34063","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-07-01T15:15:24.913","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment."},{"lang":"es","value":"Existe una vulnerabilidad de omisión de autenticación criptográfica en OneLogin AD Connector anterior a la versión 6.1.5 debido a la exposición de la clave de firma JWT de SSO de un inquilino a través del endpoint /api/adc/v4/configuration. Un atacante que posea la clave de firma puede manipular tokens JWT válidos suplantando la identidad de usuarios arbitrarios dentro de un inquilino de OneLogin. Los tokens permiten la autenticación en el portal SSO de OneLogin y en todas las aplicaciones posteriores federadas mediante SAML u OIDC. Esto permite el acceso total no autorizado al entorno SaaS de la víctima."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/","source":"disclosure@vulncheck.com"},{"url":"https://support.onelogin.com/product-notification/noti-00001768","source":"disclosure@vulncheck.com"},{"url":"https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise","source":"disclosure@vulncheck.com"}]}}]}