CVE-2025-34064: OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2025-34064?
CVE-2025-34064 is considered a medium severity vulnerability due to the potential for sensitive log data exposure.
How do I fix CVE-2025-34064?
To fix CVE-2025-34064, ensure that log data is only ever sent to an S3 bucket that your organization owns and whose ownership is validated before each upload, rather than to a bucket identified by a hardcoded name alone.
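As an added example that is not OneLogin's code, the hardcoded-bucket pattern the advisory describes is shown beside a hardened log shipper that validates ownership with S3's ExpectedBucketOwner request parameter (an existing S3 feature that makes the service refuse requests when the bucket belongs to a different account). The FakeS3Client, bucket names and account ids are constructed stand-ins so the snippet runs offline.

```python
# Added example, not OneLogin's code: a hardcoded log bucket written to with no
# ownership check, beside a shipper that passes S3's ExpectedBucketOwner.
from dataclasses import dataclass, field
class OwnerMismatch(Exception):
    """Stands in for the 403 AccessDenied S3 returns on owner mismatch."""
@dataclass
class FakeS3Client:
    """Constructed stand-in for boto3's S3 client so this runs offline."""
    owners: dict                      # bucket name -> owning account id
    objects: dict = field(default_factory=dict)

    def _check_owner(self, bucket, expected):
        if expected is not None and self.owners.get(bucket) != expected:
            raise OwnerMismatch(f"{bucket} is not owned by {expected}")

    def head_bucket(self, Bucket, ExpectedBucketOwner=None):
        self._check_owner(Bucket, ExpectedBucketOwner)

    def put_object(self, Bucket, Key, Body, ExpectedBucketOwner=None):
        self._check_owner(Bucket, ExpectedBucketOwner)
        self.objects[(Bucket, Key)] = Body

# Vulnerable pattern: the bucket name is baked into the code and S3 is never
# asked who owns it, so whoever holds that name receives the logs.
HARDCODED_BUCKET = "example-adc-logs"  # placeholder, not the real bucket name

def ship_log_unsafe(client, key, body):
    client.put_object(Bucket=HARDCODED_BUCKET, Key=key, Body=body)
    return True

# Hardened pattern: bucket and owning account come from tenant configuration,
# and every request carries ExpectedBucketOwner, so S3 rejects the write if
# the bucket has been claimed by any other account.
def ship_log_safe(client, bucket, owner_account_id, key, body):
    client.head_bucket(Bucket=bucket, ExpectedBucketOwner=owner_account_id)
    client.put_object(Bucket=bucket, Key=key, Body=body,
                      ExpectedBucketOwner=owner_account_id)
    return True

def demo():
    # Constructed scenario: the hardcoded name is owned by a foreign account.
    s3 = FakeS3Client(owners={HARDCODED_BUCKET: "999999999999",
                              "tenant-logs": "111111111111"})
    leaked = ship_log_unsafe(s3, "adc.log", b"directory_token=...")
    ship_log_safe(s3, "tenant-logs", "111111111111", "adc.log", b"ok")
    try:
        ship_log_safe(s3, HARDCODED_BUCKET, "111111111111", "adc.log", b"x")
    except OwnerMismatch:
        return leaked and (HARDCODED_BUCKET, "adc.log") in s3.objects
    return False
```

The unsafe shipper lands its log in the foreign account's bucket, while the hardened shipper is refused before any data leaves the connector.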
What are the consequences of CVE-2025-34064?
The consequences of CVE-2025-34064 include unauthorized access to sensitive log files by an attacker who claims the unprotected S3 bucket.
Which software is affected by CVE-2025-34064?
CVE-2025-34064 affects the OneLogin AD Connector.
Is CVE-2025-34064 being actively exploited?
As of the latest updates, there are no confirmed reports of active exploitation for CVE-2025-34064.