Confluence DC 2.0 DoS via resource exhaustion (fixed in 8.5.25/9.2.7/10.0.2)
CVE-2025-22166 Published on October 21, 2025
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25 Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7 Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2 See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.
Weakness Type
What is an Amplification Vulnerability?
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.
CVE-2025-22166 has been classified to as an Amplification vulnerability or weakness.
Products Associated with CVE-2025-22166
Want to know whenever a new CVE is published for Atlassian Confluence? stack.watch will email you.
Affected Versions
Atlassian Confluence Data Center:- Version 9.5.1 to 9.5.4 is affected.
- Version 9.4.0 to 9.4.1 is affected.
- Version 9.3.1 to 9.3.2 is affected.
- Version 9.2.0 to 9.2.6 is affected.
- Version 9.1.0 to 9.1.1 is affected.
- Version 9.0.1 to 9.0.3 is affected.
- Version 8.9.0 to 8.9.8 is affected.
- Version 8.8.0 to 8.8.1 is affected.
- Version 8.7.1 to 8.7.2 is affected.
- Version 8.6.1 to 8.6.2 is affected.
- Version 8.5.3 to 8.5.24 is affected.
- Version 7.19.16 to 7.19.30 is affected.
- Version 10.0.2 to 10.0.3 is unaffected.
- Version 9.2.7 to 9.2.9 is unaffected.
- Version 8.5.25 to 8.5.27 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.