PT-2025-22265 · Atlassian · Jira Core, Jira Service Management Server
Source: Internal · Published 2025-04-23 · Updated 2026-01-22
CVE-2025-22157
CVSS v3.1: 8.8 (High) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jira Core Data Center and Server versions 9.12.0 through 10.5.0
Jira Service Management Data Center and Server versions 5.12.0 through 10.5.0
Description
This issue allows an attacker to perform actions as a higher-privileged user. The vulnerability was reported via Atlassian's internal program. An estimated 95,000+ results for the affected software appear in an internet-wide search engine, and over 75,000 exposed services are affected.
Recommendations
Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20
Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20
Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
Status: Fix
Type: LPE
Weakness Enumeration: Improper Access Control
Related Identifiers: CVE-2025-22157
Affected Products
Jira Core
Jira Service Management Server