Atlassian Jira PrivEsc affecting 9.12–10.5 (Java)
CVE-2025-22157 Published on May 20, 2025
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-22157 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-22157
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-22157 are published in Atlassian Jira:
Affected Versions
Atlassian Jira Core Data Center:- Version 10.5.0 is affected.
- Version 10.4.0 to 10.4.1 is affected.
- Version 10.3.0 to 10.3.4 is affected.
- Version 9.12.0 to 9.12.19 is affected.
- Version 10.6.0 is unaffected.
- Version 10.5.1 is unaffected.
- Version 10.3.5 to 10.3.6 is unaffected.
- Version 9.12.22 to 9.12.23 is unaffected.
- Version 9.12.0 to 9.12.19 is affected.
- Version 9.12.22 to 9.12.23 is unaffected.
- Version 10.5.0 is affected.
- Version 10.4.0 to 10.4.1 is affected.
- Version 10.3.0 to 10.3.4 is affected.
- Version 5.12.0 to 5.12.19 is affected.
- Version 10.6.0 is unaffected.
- Version 10.5.1 is unaffected.
- Version 10.3.5 to 10.3.6 is unaffected.
- Version 5.12.22 to 5.12.23 is unaffected.
- Version 5.12.0 to 5.12.19 is affected.
- Version 5.12.22 to 5.12.23 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.