{"vulnerability": "CVE-2025-34064", "sightings": [{"uuid": "a8ae8aa1-bd7f-4ff2-97c0-516c2a4a0fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34064", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-06T13:54:20.000000Z"}, {"uuid": "77fd1b49-9e1e-4257-9d7a-c16b804f0634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34064", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114778801913249591", "content": "", "creation_timestamp": "2025-07-01T15:58:48.234397Z"}, {"uuid": "4c88c1bc-214c-49d3-a4a6-372404228221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34064", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/20043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34064\n\ud83d\udd25 CVSS Score: 9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N)\n\ud83d\udd39 Description: A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.\n\ud83d\udccf Published: 2025-07-01T14:49:34.048Z\n\ud83d\udccf Modified: 2025-07-01T14:49:34.048Z\n\ud83d\udd17 References:\n1. https://support.onelogin.com/product-notification/noti-00001768\n2. https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/\n3. https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise", "creation_timestamp": "2025-07-01T15:07:57.000000Z"}, {"uuid": "8f0f542e-077a-430a-9f5e-a839dc59a432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34064", "type": "seen", "source": "MISP/1413a78e-c0b3-4092-97e7-909fb9773448", "content": "", "creation_timestamp": "2025-08-14T11:44:22.000000Z"}]}