InfoSecBulletin Cybersecurity for mankind
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges.
This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and service management platforms.
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets
CISA Issues Seven Advisories for Industrial Control Systems (ICS)
ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware
Fortinet flaws now exploited in Qilin ransomware attacks
According to Atlassian’s advisory, the vulnerability “allows an attacker to perform actions as a higher-privileged user.”
This means that someone with low-level access could increase their privileges and get admin rights or access restricted areas in Jira.
The vulnerability was introduced in the Jira Core Data Center versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0. And the Jira Service Management Data Center versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0
Atlassian advises all affected users to upgrade immediately. If a full upgrade isn’t feasible, it’s crucial to patch to a supported fixed version.
Jira Core Data Center
9.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
Jira Service Management Data Center
5.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
