Critical Ant Media Server Flaw Allows Root Access: CVE-2024-32656 Uncovered

April 28, 2024
  • A local privilege escalation vulnerability, CVE-2024-32656, was found in Ant Media Server by research firm Praetorian.

  • The flaw originated from an unauthenticated Java Management Extensions (JMX) interface, which permitted unprivileged users to execute code as the 'antmedia' service account.

  • The vulnerability could be exploited to gain root access to the system and was present in Ant Media Server version 2.8.2.

  • The exploitation process involved using the JMX service to load a malicious MBean, facilitating arbitrary code execution.

  • The case underscores the security risks associated with unauthenticated JMX and RMI services in software applications.

  • Praetorian responsibly disclosed the vulnerability, emphasizing the importance of addressing such security issues in JMX services.
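
A defender-side check for the condition described above, added here as an example and not taken from Praetorian or Ant Media: it audits JVM command lines for remote JMX settings that leave authentication or TLS off. The function names and the sample command lines (port, paths, service names) are constructed; the `com.sun.management.jmxremote.*` property names and defaults are the standard JDK ones.

```python
import shlex

PREFIX = "-Dcom.sun.management.jmxremote"
# JDK defaults once a remote JMX port is configured: authentication and TLS on.
DEFAULTS = {"authenticate": "true", "ssl": "true"}

# Constructed sample JVM command lines (service names, port and paths are made up).
SAMPLE_CMDLINES = {
    "open-jmx": "java -Dcom.sun.management.jmxremote.port=9010 "
                "-Dcom.sun.management.jmxremote.authenticate=false "
                "-Dcom.sun.management.jmxremote.ssl=false -jar service.jar",
    "hardened": "java -Dcom.sun.management.jmxremote.port=9010 "
                "-Dcom.sun.management.jmxremote.authenticate=true "
                "-Dcom.sun.management.jmxremote.password.file=/etc/svc/jmx.password "
                "-jar service.jar",
    "no-jmx": "java -jar service.jar",
}

def parse_jmx_props(cmdline):
    """Collect the com.sun.management.jmxremote.* properties from a JVM command line."""
    props = {}
    for arg in shlex.split(cmdline):
        rest = arg[len(PREFIX):]
        if not arg.startswith(PREFIX) or (rest and rest[0] not in ".="):
            continue
        key, _, value = rest.partition("=")
        # A bare "-Dcom.sun.management.jmxremote" only enables the local agent.
        props[key.lstrip(".") or "enabled"] = value.strip().lower()
    return props

def audit_jmx(cmdline):
    """Return findings for one JVM command line; an empty list means nothing to flag."""
    props = parse_jmx_props(cmdline)
    port = props.get("port")
    if not port:
        return []  # no remote JMX connector requested
    effective = {**DEFAULTS, **props}
    findings = []
    if effective["authenticate"] != "true":
        # Anyone who can reach the port, local users included, can act as the service.
        findings.append(f"JMX port {port}: authentication disabled")
    if effective["ssl"] != "true":
        findings.append(f"JMX port {port}: TLS disabled")
    return findings

if __name__ == "__main__":
    for name, cmd in SAMPLE_CMDLINES.items():
        print(name, audit_jmx(cmd) or "ok")
```

On a live host the same functions can be fed the contents of each Java process's command line instead of the constructed samples.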

Summary based on 1 source

