Org.igniterealtime.openfire:xmppserver
This hub aggregates every CVE we track for Org.igniterealtime.openfire:xmppserver, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
2
High
1
In CISA KEV
Severity distribution
MEDIUM3HIGH2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Org.igniterealtime.openfire:xmppserver.
- CVE-2025-59154Openfire allows potential identity spoofing via unsafe CN parsing5.9
- CVE-2024-25420An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.7.2
- CVE-2024-25421An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.9.8
- CVE-2023-32315Openfire administration console authentication bypassKEV8.6
- CVE-2019-20528Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.6.1
- CVE-2019-15488Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.6.1
Product normalization is registry-driven with AI assist and human review. How it works