CVE-2025-52924

In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...

PT-2025-30108 · One Identity · Onelogin

Name of the Vulnerable Software and Affected Versions: One Identity OneLogin versions prior to 2025.2.0 Description: The SQL connection “application name” is set based on the value of an untrusted X-RequestId HTTP request header. Recommendations: Update One Identity OneLogin to version 2025.2.0 o...