Vulnerability in Atlassian Jira Core Data Center

CVE-2025-22157

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center…

EPSS: 0.003 (52.7th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Core Data Center — versions 10.5.0, 10.4.0 to 10.4.1, 10.3.0 to 10.3.4
Atlassian Jira Core Server — versions 9.12.0 to 9.12.19, 9.12.22 to 9.12.23
Atlassian Jira Service Management Data Center — versions 10.5.0, 10.4.0 to 10.4.1, 10.3.0 to 10.3.4
Atlassian Jira Service Management Server — versions 5.12.0 to 5.12.19, 5.12.22 to 5.12.23

References

confluence.atlassian.com/pages/viewpage.action
jira.atlassian.com/browse/JRASERVER-78766
jira.atlassian.com/browse/JSDSERVER-16206