CVE-2025-22157: PrivEsc (Privilege Escalation) in Atlassian Jira Core Data Center
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server, and in versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server.

This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.

Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

- Jira Core Data Center and Server 9.12: upgrade to a release greater than or equal to 9.12.20
- Jira Service Management Data Center and Server 5.12: upgrade to a release greater than or equal to 5.12.20
- Jira Core Data Center 10.3: upgrade to a release greater than or equal to 10.3.5
- Jira Service Management Data Center 10.3: upgrade to a release greater than or equal to 10.3.5
- Jira Core Data Center 10.4: upgrade to a release greater than or equal to 10.6.0
- Jira Service Management Data Center 10.4: upgrade to a release greater than or equal to 10.6.0
- Jira Core Data Center 10.5: upgrade to a release greater than or equal to 10.5.1
- Jira Service Management Data Center 10.5: upgrade to a release greater than or equal to 10.5.1

See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.
AI Analysis
Technical Summary
CVE-2025-22157 is a high-severity privilege escalation vulnerability affecting multiple versions of Atlassian Jira Core Data Center and Jira Service Management Data Center and Server. Specifically, versions 9.12.0 through 9.12.19, 10.3.0 through 10.3.4, 10.4.0 through 10.4.1, and 10.5.0 are impacted. The vulnerability allows an attacker who already holds low privileges (PR:L) to perform actions as a higher-privileged user, without any user interaction (UI:N). The CVSS 4.0 vector indicates the attack can be performed remotely over the network (AV:N), with low attack complexity (AC:L) and no additional attack requirements (AT:N). The impact metrics are low for confidentiality and high for integrity and availability (VC:L, VI:H, VA:H), meaning a successful attacker can gain significant control over the system, potentially modifying sensitive data and disrupting system operations. The underlying weakness is classified under CWE-284, improper access control. Atlassian has released fixed versions for all affected branches, recommending upgrades to 9.12.20 or later, 10.3.5 or later, 10.6.0 or later (for the 10.4 branch, which has no in-branch fix), or 10.5.1 or later, depending on the affected version. No known exploits are currently reported in the wild, but the vulnerability's characteristics suggest it could be leveraged by attackers to gain unauthorized administrative capabilities within Jira environments.
Potential Impact
For European organizations, the impact of this vulnerability is significant due to the widespread use of Atlassian Jira products in enterprise project management and IT service management. Successful exploitation could allow attackers to escalate privileges from a low-level user to an administrator, enabling unauthorized access to sensitive project data, modification of workflows, or disruption of service management processes. This could lead to data breaches involving confidential business information, intellectual property theft, or operational downtime. Additionally, compromised Jira instances could serve as a foothold for lateral movement within corporate networks, increasing the risk of broader cyberattacks. Given the critical role Jira plays in many organizations' software development and IT operations, exploitation could severely impact business continuity and compliance with data protection regulations such as GDPR.
Mitigation Recommendations
European organizations should prioritize upgrading affected Jira Core Data Center and Jira Service Management Data Center and Server instances to the fixed versions specified by Atlassian: 9.12.20 or later for 9.12.x versions, 10.3.5 or later for 10.3.x versions, 10.6.0 or later for 10.4.x versions, and 10.5.1 or later for 10.5.x versions. If immediate upgrading is not feasible, organizations should implement strict access controls to limit the number of users with low-level privileges who can access Jira, reducing the attack surface. Monitoring and logging should be enhanced to detect unusual privilege escalation attempts or administrative actions. Network segmentation can restrict Jira server access to trusted internal networks only. Additionally, organizations should review and tighten Jira permission schemes and audit user roles regularly. Employing Web Application Firewalls (WAFs) with custom rules to detect suspicious requests targeting Jira privilege escalation vectors can provide an additional layer of defense. Finally, organizations should stay informed about any emerging exploit reports and apply patches promptly.
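The first mitigation step is knowing which instances still sit below the fixed release. The following added example (not Atlassian's code) turns the advisory's fixed-version table into a check that an operator can run over an inventory; product keys `jira-core` and `jsm` and the sample inventory are constructed for the example.

```python
"""Assess a Jira Core / Jira Service Management Data Center version against the
CVE-2025-22157 advisory. Added example; the table is transcribed from the advisory."""
from typing import Optional, Tuple

# (product, affected branch) -> first fixed release, as stated in the advisory.
# The 10.4 branch has no in-branch fix: the advisory points 10.4 users to 10.6.0.
FIXED_VERSIONS = {
    ("jira-core", (9, 12)): (9, 12, 20),
    ("jira-core", (10, 3)): (10, 3, 5),
    ("jira-core", (10, 4)): (10, 6, 0),
    ("jira-core", (10, 5)): (10, 5, 1),
    ("jsm", (5, 12)): (5, 12, 20),
    ("jsm", (10, 3)): (10, 3, 5),
    ("jsm", (10, 4)): (10, 6, 0),
    ("jsm", (10, 5)): (10, 5, 1),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.3.5' into (10, 3, 5); a '-suffix' build tag is ignored and a
    two-part version such as '9.12' is padded to '9.12.0'."""
    core = text.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    if len(parts) < 2:
        raise ValueError(f"unrecognised version string: {text!r}")
    return parts + (0,) * (3 - len(parts))


def assess(product: str, version: str) -> Tuple[str, Optional[str]]:
    """Return ('vulnerable' | 'fixed' | 'not-listed', upgrade target or None).

    'not-listed' means the branch is not named in the advisory (for example a
    10.6.x release or an older LTS line), so this table cannot decide."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get((product, v[:2]))
    if fixed is None:
        return ("not-listed", None)
    if v >= fixed:  # tuple comparison handles 9.12.20 >= 9.12.20, 9.12.19 < 9.12.20
        return ("fixed", None)
    return ("vulnerable", ".".join(map(str, fixed)))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("jira-core", "9.12.19"), ("jira-core", "10.4.1"), ("jsm", "5.12.20")]
    for product, ver in inventory:
        status, target = assess(product, ver)
        print(f"{product:9} {ver:8} {status}" + (f" -> upgrade to {target}" if target else ""))
```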
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: atlassian
- Date Reserved: 2025-01-01T00:01:27.175Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeac8f
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/6/2025, 5:55:51 AM
Last updated: 8/18/2025, 11:29:53 PM