CVE-2025-59154 | igniterealtime Openfire up to 5.0.1 X509Certificate.getSubjectDN.getName authentication spoofing (GHSA-w252-645g-87mp)

A vulnerability was found in igniterealtime Openfire up to 5.0.1. It has been rated as critical. Affected by this issue is the function X509Certificate.getSubjectDN.getName. The manipulation leads to authentication bypass by spoofing.

This vulnerability is traded as CVE-2025-59154. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More