CNNVD-202509-1992 Information
CNNVD ID
CNNVD-202509-1992
Related CVE
- CNNVD Published: 2025-09-15
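Description (translated from Chinese)
Openfire is an open-source real-time collaboration (RTC) server from Ignite Realtime. Openfire versions 5.0.2 and 5.1.0 contain a security vulnerability that stems from improper handling of the user identity in X.509 certificates, which may allow an attacker to impersonate other users.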
Description (English)
Openfire is an open-source real-time collaboration (RTC) server from Ignite Realtime. Releases 5.0.2 and 5.1.0 of Openfire contain a security vulnerability that stems from incorrect handling of the user identity in X.509 certificates, which could allow attackers to impersonate other users.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Ignite Realtime
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/igniterealtime/Openfire/blob/8d073dda36905da0fdee7cb623c025a01a5cbf6b/xmppserver/src/main/java/org/jivesoftware/util/cert/CNCertificateIdentityMapping.java#L43
https://github.com/igniterealtime/Openfire/security/advisories/GHSA-w252-645g-87mp
https://igniterealtime.atlassian.net/browse/OF-3124
https://igniterealtime.atlassian.net/browse/OF-3122
https://igniterealtime.atlassian.net/browse/OF-3123
https://access.redhat.com/security/cve/cve-2025-59154
Patch
https://github.com/igniterealtime/Openfire/releases