CVE-2025-22157

Published May 20, 2025

Last updated 2 months ago

CVSS high 7.2
Atlassian Jira

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-22157 is a privilege escalation vulnerability affecting Atlassian Jira Core Data Center and Server, and Jira Service Management Data Center and Server. The vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core, and versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management, and affects those release lines up to the fixed versions listed in the Description below. Successful exploitation of CVE-2025-22157 allows an authenticated, low-privileged attacker (PR:L in both vectors below) to perform actions as a higher-privileged user with no user interaction required. Atlassian rates it 7.2 (High) under CVSS 4.0; NVD's CVSS 3.1 assessment scores it 8.8 (High) with high confidentiality, integrity and availability impact. Atlassian recommends upgrading to the latest version or to one of the specified supported fixed versions to mitigate this vulnerability.

Description
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server, and versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.

Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

    Jira Core Data Center and Server 9.12: upgrade to a release greater than or equal to 9.12.20
    Jira Service Management Data Center and Server 5.12: upgrade to a release greater than or equal to 5.12.20
    Jira Core Data Center 10.3: upgrade to a release greater than or equal to 10.3.5
    Jira Service Management Data Center 10.3: upgrade to a release greater than or equal to 10.3.5
    Jira Core Data Center 10.4: upgrade to a release greater than or equal to 10.6.0
    Jira Service Management Data Center 10.4: upgrade to a release greater than or equal to 10.6.0
    Jira Core Data Center 10.5: upgrade to a release greater than or equal to 10.5.1
    Jira Service Management Data Center 10.5: upgrade to a release greater than or equal to 10.5.1

See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.
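The fixed-version list above is easy to misread during a patch sprint: the 10.4 line has no in-branch fix and must move to 10.6.0, while 10.5 only needs 10.5.1. The following is an added example, not Atlassian's code and not part of the advisory, that encodes that list and checks a Jira version string against it. It also reads the version field from the JSON that Jira Data Center/Server returns for GET /rest/api/2/serverInfo (the sample response below is constructed; the hostname is made up). Release lines the advisory does not mention (for example 10.2.x or 10.6.x) are reported as not-listed rather than guessed at, because the advisory makes no statement about them.

```python
"""Check a Jira Core / Jira Service Management DC/Server version against the
fixed versions Atlassian lists for CVE-2025-22157.  Added example; the fixed
versions are transcribed from the advisory text, everything else is ours."""
import json
import re

# Key: (major, minor) of an affected release line.
# Value: first release on which Atlassian says the line is fixed.
# "jira" = Jira Core Data Center and Server,
# "jsm"  = Jira Service Management Data Center and Server.
FIXED_VERSIONS = {
    "jira": {
        (9, 12): (9, 12, 20),
        (10, 3): (10, 3, 5),
        (10, 4): (10, 6, 0),   # no fix ships on 10.4.x; every 10.4 build is affected
        (10, 5): (10, 5, 1),
    },
    "jsm": {
        (5, 12): (5, 12, 20),
        (10, 3): (10, 3, 5),
        (10, 4): (10, 6, 0),
        (10, 5): (10, 5, 1),
    },
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Turn '10.3.4' or '9.12.20-SNAPSHOT' into a (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(product, version_text):
    """Return (status, fix) for one instance.

    status is 'vulnerable', 'fixed' or 'not-listed'; fix is the (major, minor,
    patch) tuple of the first fixed release on that line, or None.  'not-listed'
    means the release line does not appear in the advisory, so nothing is
    claimed about it here either.
    """
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS[product].get(version[:2])
    if fixed is None:
        return ("not-listed", None)
    # Tuple comparison is lexicographic, which is exactly semantic-version order
    # for major.minor.patch.  For the 10.4 line the fix tuple is (10, 6, 0), so
    # every 10.4.x build compares below it and is reported vulnerable.
    if version >= fixed:
        return ("fixed", fixed)
    return ("vulnerable", fixed)


def assess_server_info(server_info_json, product="jira"):
    """Assess the 'version' field of a GET /rest/api/2/serverInfo response.

    serverInfo does not say whether Jira Service Management is installed, so the
    caller chooses the product; for a JSM instance pass product='jsm' with the
    JSM version, not the underlying Jira platform version.
    """
    info = json.loads(server_info_json)
    status, fix = assess(product, info["version"])
    return {
        "version": info["version"],
        "status": status,
        "fix": ".".join(map(str, fix)) if fix else None,
    }


# Constructed sample in the shape of a serverInfo response; host is made up.
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "10.3.4",
    "serverTitle": "Jira",
})

if __name__ == "__main__":
    print(assess_server_info(SAMPLE_SERVER_INFO))
    for product, ver in [("jira", "9.12.19"), ("jira", "9.12.20"), ("jsm", "5.12.0"),
                         ("jira", "10.4.3"), ("jira", "10.5.0"), ("jira", "10.2.1")]:
        print(product, ver, assess(product, ver))
```

In a real sweep, fetch each instance's serverInfo with your normal HTTP client and pass the body to assess_server_info; the endpoint usually answers without authentication, which is also why it is a favourite fingerprinting target for the scanners quoted in the Social media section below.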
Source
security@atlassian.com
NVD status
Analyzed
Products
jira_data_center, jira_server

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-284 (Improper Access Control)

Social media

Hype score
Not currently trending
  1. Atlassian Jira DC/Server under fire: CVE-2025-22157 (CVSS 7.2) hands you admin privileges without asking for permission. Patch it NOW. 😉 #CVE2025 #Jira #bugbountytips https://t.co/NgFHDivMS0

    @gorkaelbochi

    2 Jul 2025

    9 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨CVE-2025-22157: Privilege Escalation Vulnerability in Jira Core Data Center https://t.co/FzRoVk06Vs

    @DarkWebInformer

    2 Jul 2025

    4052 Impressions

    2 Retweets

    13 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  3. 🚨CVE-2025-22157: PrivEsc (Privilege Escalation) in Jira Core Data Center FOFA Link: https://t.co/sxRGTUc5fy FOFA Query: app="JIRA" GitHub Advisory: https://t.co/LbxSRZxbMg Results: 94,656 results https://t.co/T8Ax3nt6sk

    @DarkWebInformer

    2 Jun 2025

    10618 Impressions

    37 Retweets

    123 Likes

    48 Bookmarks

    0 Replies

    1 Quote

  4. 🚨Alert🚨 CVE-2025-22157: A High severity PrivEsc (Privilege Escalation) vulnerability in Jira Core Data Center 📊 75.1K+ services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/9Iaj6kqzRA 👇Query HUNTER : https://t.co/q9rtuGgxk7="Atlassian J

    @HunterMapping

    22 May 2025

    2650 Impressions

    11 Retweets

    26 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 rating❗️ Vuln allows authenticated attackers to escalate their privileges to administrator level. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/wgRNGGhltG #cybersecurity #vulnerability_map http

    @Netlas_io

    21 May 2025

    1414 Impressions

    8 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    1 Quote

  6. ⚠️⚠️ CVE-2025-22157: High-Severity Privilege Escalation Threat Hits Atlassian Jira Data Center 🎯95k+ Results are found on the https://t.co/pb16tGXCUG nearly year. 🔗FOFA Link: https://t.co/xpBEtLcLoR FOFA Query:app="JIRA" 🔖Refer:https://t.co/3gaF3Ym47Y #OSINT #FOF

    @fofabot

    21 May 2025

    1894 Impressions

    21 Retweets

    49 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  7. ⚡️The vulnerability details are now available: https://t.co/aqaSNysikA 🚨🚨CVE-2025-22157 hits Atlassian Jira Data Center! A privilege escalation flaw lets attackers with low access climb to admin-level powers—unlocking restricted workflows & sensitive data. Zoo

    @zoomeye_team

    21 May 2025

    725 Impressions

    4 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations