Openfire XMPP Server Vulnerable to Path Traversal Attack – Upgrade Now!

CVE: CVE-2023-32315
CVSS v3.1: 8.6
Source: CVE-2023-32315

Openfire is a popular open source XMPP messaging server that was found to have a vulnerability that could allow unauthorized access.

Hackers could exploit a path traversal bug in Openfire’s web admin console to access restricted admin pages without authentication. This would give them control over the server.

The vulnerability affects all versions of Openfire released since 2015. It has been patched in recent versions 4.7.5 and 4.6.8.

If you manage an Openfire server, you should immediately upgrade to the latest version to protect yourself. If an upgrade is not possible right away, follow the mitigation steps in the GitHub advisory.
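To find out which servers still need the upgrade, the fixed versions have to be compared per release branch: a plain "4.6.8 or newer" test would wrongly pass 4.7.0 through 4.7.4. The script below is an added example, not code from the Openfire project or the advisory. The host names and inventory are constructed, and it assumes that branches newer than 4.7 carry the fix and that branches older than 4.6 received none.

```python
import re

# Fixed releases named above, keyed by (major, minor) release branch.
FIXED = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '4.7.4' or 'Openfire 4.6.8'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_patched(text):
    """True if this version carries the fix for CVE-2023-32315."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED:
        # Compare only against the fix release of the same branch.
        return version >= FIXED[branch]
    # Assumption: branches after 4.7 include the fix; branches before 4.6 have none.
    # Releases older than the affected range are flagged too, because the page
    # gives no lower-bound version number, only "since 2015".
    return branch > max(FIXED)


def triage(inventory):
    """Map each host in {host: version_string} to 'patched', 'UPGRADE' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patched" if is_patched(version) else "UPGRADE"
        except ValueError:
            result[host] = "unknown"  # unparseable entry: check by hand
    return result


# Constructed sample inventory (hypothetical hosts).
SAMPLE = {
    "xmpp-a.example.internal": "4.6.7",
    "xmpp-b.example.internal": "Openfire 4.6.8",
    "xmpp-c.example.internal": "4.7.4",
    "xmpp-d.example.internal": "4.7.5",
    "xmpp-e.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:28} {SAMPLE[host]:16} {status}")
```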

It’s always best to keep your software up-to-date to prevent hackers from exploiting known issues. Regular patching is important for security.

Take action now to close this path traversal hole in Openfire and keep your messaging services safe from intrusion or data theft. An outdated server is an easy target, so get the latest version installed without delay.
