Browse all 3 CVE security advisories affecting OneLogin. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OneLogin provides cloud-based identity and access management solutions, enabling single sign-on and multi-factor authentication for enterprises. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from misconfigurations and input validation flaws. While no major public security incidents have been widely reported, the three CVEs on record highlight potential risks in authentication and session management. The platform's security posture relies on regular security updates and adherence to industry standards, though organizations should remain vigilant about proper configuration to mitigate risks associated with identity management systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-52925 | One Identity OneLogin Active Directory Connector 安全漏洞 — Active Directory ConnectorCWE-402 | 5.0 | Medium | 2025-07-02 |
| CVE-2017-11428 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal — Ruby-SAMLCWE-287 | 9.8 | - | 2019-04-17 |
| CVE-2017-11427 | Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal — PythonSAMLCWE-287 | 9.8 | - | 2019-04-17 |
This page lists every published CVE security advisory associated with OneLogin. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.