Dear OneLogin Administrator,
A security researcher informed One Identity of a post-exploit vulnerability related to the OneLogin Active Directory Connector (ADC). The exploit in question was only possible if an attacker already had administrative access to a customer’s on-premises infrastructure.
The data accessed was limited to a single inactive account with no active production configuration in OneLogin. The affected party was notified directly and provided with recommendations to further secure their environment.
At this time, we are not aware of any OneLogin production environments being accessed during this research or affected by this vulnerability.
We have since applied security patches to our platform, updated internal escalation procedures, and released a new version of the connector that addresses the identified issues.
In line with standard security protocol, full details of the vulnerability will be made available upon publication of the associated CVE.
Action Required:
We strongly encourage customers who use the Active Directory Connector to upgrade to the latest version (v6.1.5), available here. Please follow the instructions included here.
This version, along with other platform improvements already in place, remediates the reported vulnerability.
If you have questions or need assistance with the update, please reach out to our support team.
Regards,
The One Identity Team
© 2025 ALL RIGHTS RESERVED.