CVE-2025-22167

Published Oct 22, 2025

Last updated 6 days ago

CVSS high 8.7
Jira Software Data Center

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-22167 is a path traversal vulnerability affecting Jira Software Data Center and Server. It allows an authenticated attacker with network access to the Jira web interface to modify any filesystem path writable by the Jira Java Virtual Machine (JVM) process. The vulnerability stems from inadequate input validation in file handling, which allows attackers to bypass path restrictions and write arbitrary files to locations accessible by the JVM. The vulnerability was introduced in Jira Software versions 9.12.0 and 10.3.0, and persisted through version 11.0.0. Atlassian has released patches to address the issue. It is recommended that users upgrade to versions 9.12.28, 10.3.12, or 11.1.0 or later.

Description
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server.

This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem path writable by the Jira JVM process.

Atlassian recommends that Jira Software Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

Jira Software Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.28

Jira Software Data Center and Server 10.3: Upgrade to a release greater than or equal to 10.3.12

Jira Software Data Center and Server 11.0: Upgrade to a release greater than or equal to 11.1.0

See the release notes. You can download the latest version of Jira Software Data Center and Server from the download center.

This vulnerability was reported via our Atlassian (Internal) program.

Source: security@atlassian.com
NVD status: Analyzed
Products: jira_data_center, jira_server

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

CWE-22

Social media

  1. 🔴 Jira #Software Data Center and Server, Path Traversal (Arbitrary Write), #CVE-2025-22167 (High) https://t.co/qpuMDKToM8

    @dailycve

    5 Dec 2025

    27 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #VulnerabilityReport #ArbitraryFileWrite Jira Path Traversal Flaw (CVE-2025-22167) Allows Arbitrary File Write on Server/Data Center https://t.co/onuL8HJH4q

    @Komodosec

    29 Nov 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️Vulnerability in Atlassian products ❗CVE-2025-22167 ➡️More info: https://t.co/12H5EdOiOA https://t.co/XaP6v8VBWz

    @CERTpy

    30 Oct 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Jira fixes a path traversal (arbitrary file write) vulnerability (CVE-2025-22167) https://t.co/0A6OXWAPY9 #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    27 Oct 2025

    231 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Wow, 🚨 critical alert from @HunterMapping! CVE-2025-22167 hits Atlassian Jira: a path traversal flaw that lets an attacker write arbitrary files on server/data center. CVSS 8.7 High, affected versions 9.12+ up to 11.0.1. Even worse, https://t.co/4noeiJck7T found 167K+ services

    @BJORKANISM_REAL

    24 Oct 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Alert🚨:CVE-2025-22167: Jira Path Traversal Flaw Allows Arbitrary File Write on Server/Data Center 📊167.2K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/9Iaj6kq222 👇Query HUNTER : https://t.co/q9rtuGfZuz="Atlassian JIRA" https

    @HunterMapping

    24 Oct 2025

    4130 Impressions

    24 Retweets

    72 Likes

    29 Bookmarks

    2 Replies

    0 Quotes

  7. Critical Jira Flaw Allows Attackers to Modify JVM Files Atlassian disclosed a critical path traversal flaw (CVE-2025-22167) in Jira Data Center and Server, enabling authenticated attackers to modify files accessible to the Jira JVM process. With a CVSS score of 8.7, it impacts h

    @Secwiserapp

    23 Oct 2025

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨🚨CVE-2025-22167 (CVSS 8.7): Jira Path Traversal flaw allows arbitrary file writes to any JVM-writable path. Possible RCE when chained with other exploits. Search by vul.cve Filter👉vul.cve="CVE-2025-22167" ZoomEye Dork👉app="Atlassian JIRA" Over 107k vulnerable instan

    @zoomeye_team

    23 Oct 2025

    13170 Impressions

    58 Retweets

    187 Likes

    72 Bookmarks

    0 Replies

    2 Quotes

  9. CVE-2025-22167 Path Traversal (Arbitrary Write) in Jira Service Management Data Center and Server Data Center and Server https://t.co/gCH6Qm6cZ7 Path Traversal (Arbitrary Write) in Jira Software Data Center and Server https://t.co/9uCF8cLWlH

    @autumn_good_35

    22 Oct 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [CVE-2025-22167: HIGH] Critical Path Traversal vulnerability found in Jira Software versions 9.12.0, 10.3.0, and 11.0.0 allows attackers to write arbitrary files. Atlassian urges immediate software updates.#cve,CVE-2025-22167,#cybersecurity https://t.co/H86kFRrSL2 https://t.co/Qz

    @CveFindCom

    22 Oct 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-22167 This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center… https://t.co/HPDE3vXBN2

    @CVEnew

    22 Oct 2025

    240 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations