Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-22157
CVE-2025-22157:
JIRA vulnerability analysis and mitigation
Overview
A high-severity privilege escalation vulnerability (CVE-2025-22157) was discovered affecting multiple versions of Atlassian's Jira products. The vulnerability was introduced in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server, as well as versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. The vulnerability was reported through Atlassian's internal program and received a CVSS score of 7.2, categorizing it as high severity (Atlassian Bulletin, NVD).
Technical details
The vulnerability is classified as a Privilege Escalation (PrivEsc) issue with a CVSS v4.0 vector string of CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges to execute, and doesn't require user interaction. The specific technical issue occurs when a user exports a parent issue using the 'Print' or 'Export Word' feature, where subtask's titles and links are included even though the user does not have view permission (JRASERVER-78766).
Impact
The vulnerability allows an attacker to perform actions as a higher-privileged user within the affected Jira systems. This could potentially lead to unauthorized access to sensitive information and system functions, compromising the security of the Jira installation (Wiz).
Mitigation and workarounds
Atlassian recommends upgrading to the latest versions or specific fixed versions: For Jira Core Data Center 9.12: upgrade to version 9.12.20 or higher; For version 10.3: upgrade to 10.3.5 or higher; For version 10.4: upgrade to 10.6.0 or higher; For version 10.5: upgrade to 10.5.1 or higher. Similar version upgrades are recommended for Jira Service Management Data Center (Atlassian Bulletin).
Community reactions
The vulnerability has gained attention in the cybersecurity community, with security researchers highlighting the importance of prompt patching due to the potential for privilege escalation attacks (Daily CyberSecurity).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management