CVE-2025-22157 is a privilege escalation vulnerability identified in Atlassian Jira Core Data Center and Jira Service Management Data Center and Server products. The vulnerability exists in specific versions starting from 9.12.0 and 5.12.0 respectively, extending through versions 10.5.0. It allows an attacker with limited privileges (low-level user) to escalate their permissions to a higher-privileged user level without requiring any user interaction, which can lead to unauthorized administrative actions within the Jira environment. The vulnerability is classified under CWE-284 (Improper Access Control), indicating a failure in enforcing proper permission checks. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N) shows that the attack can be performed remotely over the network with low complexity, no authentication needed beyond low privileges, and no user interaction required. The impact on confidentiality and availability is limited, but integrity and authorization controls are significantly affected, allowing attackers to manipulate Jira data and configurations. Atlassian has addressed this vulnerability in multiple patched releases across affected versions, recommending upgrades to versions such as 9.12.20, 5.12.20, 10.3.5, 10.6.0, and 10.5.1 or later. The vulnerability was responsibly disclosed internally to Atlassian and is now publicly documented with no known active exploitation reported so far.

The primary impact of CVE-2025-22157 is unauthorized privilege escalation within Jira environments, which can lead to attackers gaining administrative capabilities. This can result in unauthorized changes to project configurations, issue data manipulation, exposure of sensitive project information, and disruption of service management workflows. For organizations relying heavily on Jira for project tracking, software development, and IT service management, such unauthorized access can compromise operational integrity and confidentiality. Attackers could potentially create or modify issues, change user permissions, or disable security controls, leading to broader security breaches or insider threat scenarios. Since Jira is widely used across industries globally, the vulnerability poses a significant risk to enterprises, government agencies, and service providers. The ease of exploitation without user interaction increases the likelihood of automated attacks if exploits become publicly available. Although no exploits are currently known in the wild, the vulnerability's presence in critical infrastructure software necessitates urgent remediation to prevent potential exploitation and downstream impacts on business continuity and data security.

Organizations should immediately assess their Jira Core Data Center and Jira Service Management Data Center and Server deployments for affected versions. The primary mitigation is to upgrade to the fixed versions recommended by Atlassian: 9.12.20 or later for 9.12.x releases, 5.12.20 or later for 5.12.x releases, 10.3.5 or later for 10.3.x releases, 10.6.0 or later for 10.4.x releases, and 10.5.1 or later for 10.5.x releases. If immediate upgrading is not feasible, organizations should restrict network access to Jira instances to trusted internal networks and enforce strict access controls limiting user privileges to the minimum necessary. Monitoring and auditing user activities within Jira should be enhanced to detect unusual privilege escalations or administrative actions. Additionally, organizations should review and tighten permission schemes and roles within Jira to reduce the attack surface. Employing Web Application Firewalls (WAFs) with custom rules to detect anomalous requests targeting privilege escalation vectors may provide temporary protection. Finally, maintain vigilance for any emerging exploit code or indicators of compromise related to this CVE and update incident response plans accordingly.