Vulnerability Description
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
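The missing control is a bucket-ownership check on upload. The sketch below is an added example, not OneLogin's code or its fix: it pins each upload to an expected AWS account with the S3 PutObject parameter ExpectedBucketOwner. The bucket name, account IDs and the StubS3 class are constructed for illustration, and the stub models only S3's owner check.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")

def build_put_request(bucket, key, body, expected_owner):
    """Build S3 PutObject arguments that pin the bucket to one AWS account."""
    if not expected_owner or not ACCOUNT_ID.fullmatch(expected_owner):
        raise ValueError("no 12-digit bucket owner configured; refusing to upload")
    return {
        "Bucket": bucket,
        "Key": key,
        "Body": body,
        # boto3 sends this as the x-amz-expected-bucket-owner header; S3 rejects
        # the request with 403 if the bucket belongs to any other account.
        "ExpectedBucketOwner": expected_owner,
    }

def upload_log(s3_client, bucket, key, body, expected_owner):
    """Return True if stored; False if S3 refused (the log must stay local)."""
    params = build_put_request(bucket, key, body, expected_owner)
    try:
        s3_client.put_object(**params)
        return True
    except Exception as exc:
        # botocore.exceptions.ClientError carries the S3 error code here.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in ("AccessDenied", "NoSuchBucket"):
            return False
        raise

class StubS3:
    """Constructed stand-in for an S3 client; models only the owner check."""
    def __init__(self, actual_owner):
        self.actual_owner = actual_owner
        self.stored = []

    def put_object(self, **kw):
        if kw["ExpectedBucketOwner"] != self.actual_owner:
            err = Exception("403 Forbidden")
            err.response = {"Error": {"Code": "AccessDenied"}}
            raise err
        self.stored.append(kw["Key"])

VENDOR_ACCOUNT = "111111111111"   # constructed account IDs
OTHER_ACCOUNT = "999999999999"

def demo():
    legit = StubS3(VENDOR_ACCOUNT)
    reclaimed = StubS3(OTHER_ACCOUNT)   # same bucket name, different owner
    args = ("example-adc-logs", "tenant-42/connector.log", b"sample", VENDOR_ACCOUNT)
    return upload_log(legit, *args), upload_log(reclaimed, *args), reclaimed.stored
```

With a real client, pass boto3.client("s3") as s3_client; a False return means the bucket is missing or owned by another account, and the log should be kept locally and alerted on rather than retried.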
References
- https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-
- https://support.onelogin.com/product-notification/noti-00001768
- https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise
FAQ
What is CVE-2025-34064?
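CVE-2025-34064 is a cloud infrastructure misconfiguration in OneLogin AD Connector that results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants; the Vulnerability Description above lists what those logs may contain.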
How severe is CVE-2025-34064?
CVSS scoring is not yet available for CVE-2025-34064. Check NVD for updates.
Is there a patch for CVE-2025-34064?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.