PT-2025-43007 · Atlassian · Jira Software Server

Published 2025-09-26 · Updated 2026-01-22 · CVE-2025-22167

CVSS v2.0 9.0 High AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
- Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.1
- Atlassian Jira Software Data Center and Server versions 9.12.0 through 11.0.0
Description A path traversal flaw exists in Atlassian Jira Software Data Center and Server. An authenticated attacker can write arbitrary files to any location writable by the Jira Java Virtual Machine (JVM) process. The flaw is due to improper input validation in the file handling mechanisms: user-supplied path components are not checked against the intended directory, so traversal sequences such as "../" escape it. On its own this is an arbitrary file write, but because the attacker controls both the content and the destination of the file, it can lead to data exfiltration or remote code execution when combined with other exploits. Approximately 107,000 instances are estimated to be vulnerable. The affected endpoints are not named in the available descriptions.
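The description above covers the flaw class in general terms. The following is an added, generic illustration of that class (it is not Jira's code and does not reproduce the affected endpoint): a file-name-to-path join that trusts the caller, next to the check that a hardened handler performs. The base directory, file names and helper names are constructed for the example.

```python
import posixpath

# Constructed root directory standing in for a server-side attachment/upload root.
# Generic illustration of the flaw class; this is not Jira's own file-handling code.
BASE_DIR = "/var/app/attachments"


def vulnerable_target_path(base_dir: str, user_supplied_name: str) -> str:
    """Flawed pattern: the user-controlled name is joined onto base_dir and the
    result is used as-is, so "../" segments (or an absolute name) walk out of
    base_dir. Returns the path that would actually be written to."""
    return posixpath.normpath(posixpath.join(base_dir, user_supplied_name))


def safe_target_path(base_dir: str, user_supplied_name: str) -> str:
    """Hardened pattern: build the candidate path, normalise it, then require
    that it lies strictly inside base_dir. Raises ValueError on any escape."""
    if not user_supplied_name or "\x00" in user_supplied_name:
        raise ValueError("invalid file name")
    base = posixpath.normpath(base_dir)
    # posixpath.join discards base when the user value is absolute, and normpath
    # collapses ".." segments; both cases are caught by the prefix check below.
    candidate = posixpath.normpath(posixpath.join(base, user_supplied_name))
    if candidate == base or not candidate.startswith(base + "/"):
        raise ValueError(f"path escapes base directory: {user_supplied_name!r}")
    # This is a lexical check only. When the target is on a real filesystem, also
    # compare os.path.realpath(candidate) against os.path.realpath(base) so that a
    # symlink placed inside base_dir cannot redirect the write elsewhere.
    return candidate


def is_escape(base_dir: str, user_supplied_name: str) -> bool:
    """True when the vulnerable join would land outside base_dir."""
    try:
        safe_target_path(base_dir, user_supplied_name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs: one benign name, then typical traversal payloads.
    for name in ["report.pdf", "../../../../etc/cron.d/job",
                 "/tmp/evil.jsp", "sub/../../x", "../attachments/ok.txt"]:
        print(f"{name!r:32} vulnerable join -> {vulnerable_target_path(BASE_DIR, name):32}"
              f" blocked={is_escape(BASE_DIR, name)}")
```

Note that the hardened check decides on the canonical result rather than on the presence of "..": a name such as "../attachments/ok.txt" that resolves back inside the base directory is accepted, while anything that resolves outside it, including an absolute name, is rejected. URL-decoding of the parameter must happen before this check, not after it.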
Recommendations
- Upgrade Jira Software Data Center and Server to version 9.12.28 or later.
- Upgrade Jira Software Data Center and Server to version 10.3.12 or later.
- Upgrade Jira Software Data Center and Server to version 11.1.0 or later.
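Deciding which hosts in an inventory still need one of the upgrades above is a branch-aware comparison, not a single version compare. The following added example (not from the advisory or from Atlassian) implements it using only what this page states: the affected range starts at 9.12.0, the 9.12.x branch is fixed in 9.12.28, the 10.3.x branch in 10.3.12, and 11.1.0 is the first release outside the affected range. The assumption, derived from those figures, is that a version inside the range on a branch with no listed fix (for example 10.0.x or 11.0.x) must be moved to one of the three fixed releases. Host names and versions in the inventory are constructed.

```python
import re

# Branch fixes from the advisory's recommendations, keyed by (major, minor).
# 11.0.x has no in-branch fix; 11.1.0 is the first release outside the affected range.
FIXED_IN = {(9, 12): (9, 12, 28), (10, 3): (10, 3, 12)}
FIRST_AFFECTED = (9, 12, 0)       # lower bound of the affected range on the page
FIRST_CLEAN_RELEASE = (11, 1, 0)  # upper bound: 11.1.0 or later is fixed

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH'; any suffix after the patch number (a build tag,
    for instance) is ignored. Raises ValueError on unrecognised input."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the given Jira Software DC/Server version lies in the affected
    range and has not received its branch's fix."""
    v = parse_version(version)
    if v < FIRST_AFFECTED or v >= FIRST_CLEAN_RELEASE:
        return False
    fix = FIXED_IN.get(v[:2])
    # Inside the range a host is safe only if its branch has a fix and the
    # version is at or above it. Branches with no listed fix (assumption: e.g.
    # 10.0.x, 11.0.x) are treated as affected and must change branch.
    return fix is None or v < fix


def recommended_release(version: str) -> str:
    """The fixed release from the advisory that a vulnerable host should move to;
    a branch without its own fix is pointed at 11.1.0."""
    fix = FIXED_IN.get(parse_version(version)[:2], FIRST_CLEAN_RELEASE)
    return ".".join(str(x) for x in fix)


def triage(inventory: dict) -> dict:
    """Map host -> action for a {host: version} inventory. Unparseable versions
    are reported rather than silently skipped, since an unknown version is not
    evidence that a host is patched."""
    actions = {}
    for host, version in inventory.items():
        try:
            vulnerable = is_vulnerable(version)
        except ValueError:
            actions[host] = "unknown version, verify manually"
            continue
        if vulnerable:
            actions[host] = f"upgrade to {recommended_release(version)} or later"
        else:
            actions[host] = "not affected"
    return actions


if __name__ == "__main__":
    # Constructed inventory covering each branch and the range boundaries.
    sample = {"jira-a": "9.12.27", "jira-b": "9.12.28", "jira-c": "10.3.11",
              "jira-d": "10.0.4", "jira-e": "11.0.1", "jira-f": "11.1.0",
              "jira-g": "9.11.9", "jira-h": "n/a"}
    for host, action in triage(sample).items():
        print(f"{host}: {sample[host]:8} -> {action}")
```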

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-13334
CVE-2025-22167

Affected Products

Jira
Jira Software Server