cbcvebase.
CVE-2025-34064
published 2025-07-01

CVE-2025-34064: A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without…

PriorityP346critical9CVSS 4.0
AVNACLATPPRNUINVCHVILVANSCHSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.45%
35.6th percentile
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.

Affected

10 ranges
VendorProductVersion rangeFixed in
msrcazl3_mozjs_102.15.1-1_on_azure_linux_3.0
msrcazl3_nodejs_20.14.0-1_on_azure_linux_3.0
msrcazl3_nodejs_20.14.0-8_on_azure_linux_3.0
msrcazl3_python-jinja2_3.1.2-2_on_azure_linux_3.0
msrcazl3_python-jinja2_3.1.2-3_on_azure_linux_3.0
msrccbl2_nodejs18_18.20.3-4_on_cbl_mariner_2.0
msrccbl2_nodejs18_18.20.3-5_on_cbl_mariner_2.0
msrccbl2_python-jinja2_3.0.3-4_on_cbl_mariner_2.0
msrccbl2_python-jinja2_3.0.3-7_on_cbl_mariner_2.0
one_identityonelogin_active_directory_connector< 6.1.56.1.5

CVSS provenance

nvdv4.09.0CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc5.4MEDIUM
vendor_oracle5.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.