InfoSecBulletin Cybersecurity for mankind
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges.
This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and service management platforms.
AMD discloses 4 new CPU flaws Affecting Many CPUs
GitLab patched XSS and Authorization Bypass Flaws
CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow
Urgently patch now: Zoom Patches 6 Flaws
Whatsapp rival ‘Bitchat’, message without internet
Splunk Addresses Third-Party Package Vulns in SOAR Versions
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs
CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws
Android malware Anatsa infiltrates Google Play targeting banks worldwide
According to Atlassian’s advisory, the vulnerability “allows an attacker to perform actions as a higher-privileged user.”
This means that someone with low-level access could increase their privileges and get admin rights or access restricted areas in Jira.
The vulnerability was introduced in the Jira Core Data Center versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0. And the Jira Service Management Data Center versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0
Atlassian advises all affected users to upgrade immediately. If a full upgrade isn’t feasible, it’s crucial to patch to a supported fixed version.
Jira Core Data Center
9.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
Jira Service Management Data Center
5.12.x → Upgrade to ≥ 9.12.20
10.3.x → Upgrade to ≥ 10.3.5
10.5.x → Upgrade to ≥ 10.5.1
10.6.x → Upgrade to ≥ 10.6.0
