| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Atlassian Jira Core Data Center, Jira Core Server, Jira Service Management Data Center and Jira Service Management Server. Impacted is an unknown function. This manipulation causes Remote Privilege Escalation. This vulnerability is tracked as CVE-2025-22157. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
Details
A vulnerability was found in Atlassian Jira Core Data Center, Jira Core Server, Jira Service Management Data Center and Jira Service Management Server (affected version not known). It has been declared as critical. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a remote privilege escalation vulnerability. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.
It is possible to read the advisory at confluence.atlassian.com. This vulnerability is known as CVE-2025-22157 since 01/01/2025. The exploitation appears to be easy. The attack can be launched remotely. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 237231 (Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.20 / 5.12.22 / 10.3.x < 10.3.5 / 10.4.x < 10.5.1 / 10.6.0 (JSDSERVER-16206)), which helps to determine the existence of the flaw in a target environment.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (237231) and EUVD (EUVD-2025-15883). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
- Jira Core Data Center
- Jira Core Server
- Jira Service Management Data Center
- Jira Service Management Server
License
Website
- Vendor: https://www.atlassian.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Privilege escalationCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 237231
Nessus Name: Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.20 / 5.12.22 / 10.3.x < 10.3.5 / 10.4.x < 10.5.1 / 10.6.0 (JSDSERVER-16206)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
01/01/2025 🔍05/20/2025 🔍
05/20/2025 🔍
05/26/2025 🔍
Sources
Vendor: atlassian.comAdvisory: confluence.atlassian.com
Status: Confirmed
CVE: CVE-2025-22157 (🔍)
GCVE (CVE): GCVE-0-2025-22157
GCVE (VulDB): GCVE-100-309787
EUVD: 🔍
Entry
Created: 05/20/2025 20:26Updated: 05/26/2025 18:29
Changes: 05/20/2025 20:26 (63), 05/21/2025 08:30 (1), 05/26/2025 18:29 (2)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.