How to fix CVE-2025-34063?

Within 24 hours: Inventory all OneLogin AD Connector deployments and document current versions. Within 7 days: Upgrade all OneLogin AD Connector instances to version 6.1.5 or later; rotate all JWT signing keys and invalidate previously issued tokens through OneLogin administrative console. Within 30 days: Conduct forensic review of OneLogin API access logs (particularly /api/adc/v4/configuration endpoint) for unauthorized key extraction; audit downstream SAML/OIDC applications for suspicious authentication events; implement API rate limiting and IP whitelisting on the affected endpoint.

CVE-2025-34063

EUVD-2025-19635 CRITICAL

2025-07-01 [email protected]

Authentication Bypass

10.0

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:52 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

patch_available

Apr 16, 2026 - 05:29 EUVD

6.1.5

Analysis Generated

Mar 16, 2026 - 01:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:42 euvd

EUVD-2025-19635

CVE Published

Jul 01, 2025 - 15:15 nvd

CRITICAL 10.0

DescriptionNVD

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.

AnalysisAI

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

CVE-2025-34063 vulnerability details – vuln.today

Back