CVE-2025-52925

Summary

In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.

Affected Software

VendorProductVersion RangeStatus
OneLoginActive Directory Connector0 < 6.1.5affected

Weaknesses

  • CWE-402: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References