An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-25421
• https://github.com/igniterealtime/Openfire/blob/main/xmppserver/src/main/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoomManager.java
• https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421
• https://www.igniterealtime.org/projects/openfire
• igniterealtime/Openfire@d66bddd