How severe is CVE-2025-59363?

CVE-2025-59363 has a CVSS v3 score of 7.7 (HIGH).

CVE-2025-59363

7.7HIGH

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

Published: 9/14/2025Updated: 9/15/2025

Description

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

AI AnalysisPowered by AI

References

https://onelogin.service-now.com/support?id=kb_article&sys_id=b0aad1e11bd3ea109a47ec29b04bcb72&kb_category=a0d76d70db185340d5505eea4b96199f