CVE-2025-22167 is a path traversal vulnerability in Atlassian Jira Software Data Center and Server that enables an attacker with low privileges to arbitrarily read from and write to any filesystem path writable by the Jira JVM process. This vulnerability was introduced in versions 9.12.0, 10.3.0, and persists in 11.0.0. The flaw allows attackers to bypass normal access controls by manipulating file paths, potentially leading to unauthorized modification or disclosure of files, including configuration files, logs, or other sensitive data stored on the server. The vulnerability does not require user interaction and can be exploited remotely over the network, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L - low privileges), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). Atlassian has addressed this vulnerability in versions 9.12.28, 10.3.12, and 11.1.0 and recommends immediate upgrades. Failure to patch could allow attackers to alter Jira data, disrupt services, or use the compromised system as a foothold for further attacks. No public exploits are known yet, but the severity and ease of exploitation make it a critical patching priority.

For European organizations, this vulnerability poses significant risks including unauthorized access to sensitive project management data, potential leakage of confidential business information, and disruption of critical workflows managed via Jira. Since Jira is widely used in software development, IT service management, and project tracking, exploitation could impact operational continuity and data integrity. Attackers could modify files to implant backdoors, delete or alter project data, or disrupt service availability, leading to financial losses and reputational damage. Organizations in regulated sectors such as finance, healthcare, and government may face compliance violations if sensitive data is exposed. The network-exploitable nature and lack of required user interaction increase the likelihood of targeted attacks, especially in environments where Jira is internet-facing or insufficiently segmented. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency of patching.

European organizations should immediately assess their Jira Software Data Center and Server deployments to identify affected versions. The primary mitigation is to upgrade to Atlassian Jira versions 9.12.28 or later, 10.3.12 or later, or 11.1.0 or later as recommended by Atlassian. If immediate upgrade is not feasible, organizations should restrict network access to Jira instances by implementing strict firewall rules, limiting access to trusted IPs, and isolating Jira servers within secure network segments. Additionally, review and tighten filesystem permissions to minimize writable paths accessible by the Jira JVM process. Enable comprehensive logging and monitoring to detect unusual file access or modification patterns indicative of exploitation attempts. Employ intrusion detection systems tuned for anomalous behavior on Jira servers. Regularly back up Jira data and configurations to enable recovery in case of compromise. Finally, maintain awareness of Atlassian security advisories for any updates or emerging exploit reports.