An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
https://www.igniterealtime.org/projects/openfire/
https://www.hackthebox.com/blog/openfire-cves-explained-CVE-2024-25420-CVE-2024-25421