Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2024-25421 — Ignite Realtime Openfire privilege escalation vulnerability · VulnScope

CVE-2024-25421

Ignite Realtime Openfire privilege escalation vulnerability

EPSS 2.6%

Description

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.

How to fix CVE-2024-25421

To remediate CVE-2024-25421, upgrade the affected package to a fixed version below.

Maven/org.igniterealtime.openfire:xmppserver—upgrade to 4.8.1 or later

Is CVE-2024-25421 being exploited?

Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 4.8.1

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-25421
PATCHgithub.com/igniterealtime/Openfire
WEBgithub.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java
WEBgithub.com/igniterealtime/Openfire/commit/d66bddd29dbf56aa9b822635619fa66cca6f2112

Metadata

Published: 3/26/2024
Modified: 12/7/2024

Also known as:

GHSA-6pwg-gg6j-5crmghsa

WEBwww.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421

WEBwww.igniterealtime.org/projects/openfire

Maven/org.igniterealtime.openfire:xmppserver