InfoSecBulletin Cybersecurity for mankind
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges.
This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and service management platforms.
184 Million Leaked Credentials Discovered in Open Database
Palo Alto Networks Warns of XSS Flaw: PoC Released
Pwn2Own Berlin reveals 29 critical vulns in major tech firms
High-Severity Flaw Hits Atlassian Jira Data Center
All major mobile networks go down across Spain
Researchers found 200 billion files exposed in cloud buckets
Bank server compromised using customer’s mobile, steal ₹11 crore
“InfoSecCon-2025″ held successfully promising cyber resilience
Intel PC, laptop and server processors affected for 6 years: Report
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
According to Atlassian’s advisory, the vulnerability “allows an attacker to perform actions as a higher-privileged user.”
This means that someone with low-level access could increase their privileges and get admin rights or access restricted areas in Jira.
The vulnerability was introduced in the Jira Core Data Center versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0. And the Jira Service Management Data Center versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0
Atlassian advises all affected users to upgrade immediately. If a full upgrade isn’t feasible, it’s crucial to patch to a supported fixed version.
Jira Core Data Center
9.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
Jira Service Management Data Center
5.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
