High severity7.7NVD Advisory· Published Sep 14, 2025· Updated Apr 15, 2026

CVE-2025-59363

Description

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

onelogin.service-now.com/supportnvd

News mentions

No linked articles in our index yet.

cvss	0.501
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000