In a plot twist worthy of a cybersecurity soap opera, OneLogin has decided to spice things up by offering a special feature: unauthorized access to its OIDC secrets. Forget about boring, secure app authentication; it’s time to impersonate apps like never before!

The vulnerability, known affectionately as CVE-2025-59363, invites attackers to a party where everyone can be anyone. Scored a delightful 7.7 on the ‘Oops, We Did It Again’ scale, this flaw is the perfect icebreaker for any ne’er-do-well looking to crash a digital soirée.

OneLogin’s innovative approach to identity and access management includes an avant-garde method of sharing client secrets. Why ask for permission when you can just use an API key to do whatever you’d like? This is security reimagined, or perhaps just security unimagined.