CVE-2025-22157

🗓️ 20 May 2025 18:00:01Reported by atlassianType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 93 Views

High severity Privilege Escalation vulnerability in Jira requires upgrades to specific fixed versions.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2025-22157	20 May 202518:15	–	attackerkb
Circl	CVE-2025-22157	2 Jun 202517:04	–	circl
CNNVD	Atlassian Jira Core Data和Atlassian Jira Service Management Data 安全漏洞	20 May 202500:00	–	cnnvd
Cvelist	CVE-2025-22157	20 May 202518:00	–	cvelist
EUVD	EUVD-2025-15883	3 Oct 202520:07	–	euvd
Tenable Nessus	Atlassian Jira 9.12.x < 9.12.20 / 10.3.x < 10.3.5 / 10.4.x < 10.5.1 / 10.6.0 (JRASERVER-78766)	26 May 202500:00	–	nessus
Tenable Nessus	Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.20 / 5.12.22 / 10.3.x < 10.3.5 / 10.4.x < 10.5.1 / 10.6.0 (JSDSERVER-16206)	26 May 202500:00	–	nessus
Tenable Nessus	Atlassian Jira < 9.12.20 Privilege Escalation	22 May 202500:00	–	nessus
Tenable Nessus	Atlassian Jira 10.3.x < 10.3.5 Privilege Escalation	22 May 202500:00	–	nessus
Tenable Nessus	Atlassian Jira 10.5.x < 10.5.1 Privilege Escalation	22 May 202500:00	–	nessus

NVD

CNA

Node

atlassian jira_data_centerRange5.12.0–5.12.20

atlassian jira_data_centerRange9.12.0–9.12.20

atlassian jira_data_centerRange10.3.0–10.3.5

atlassian jira_data_centerRange10.4.0–10.5.1

atlassian jira_serverRange9.12.0–9.12.20

atlassian jira_serverRange10.3.0–10.3.5

atlassian jira_serverRange10.4.0–10.5.1

[
  {
    "vendor": "Atlassian",
    "product": "Jira Core Data Center",
    "versions": [
      {
        "version": "10.5.0",
        "status": "affected"
      },
      {
        "version": "10.4.0 to 10.4.1",
        "status": "affected"
      },
      {
        "version": "10.3.0 to 10.3.4",
        "status": "affected"
      },
      {
        "version": "9.12.0 to 9.12.19",
        "status": "affected"
      },
      {
        "version": "10.6.0",
        "status": "unaffected"
      },
      {
        "version": "10.5.1",
        "status": "unaffected"
      },
      {
        "version": "10.3.5 to 10.3.6",
        "status": "unaffected"
      },
      {
        "version": "9.12.22 to 9.12.23",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Jira Core Server",
    "versions": [
      {
        "version": "9.12.0 to 9.12.19",
        "status": "affected"
      },
      {
        "version": "9.12.22 to 9.12.23",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Jira Service Management Data Center",
    "versions": [
      {
        "version": "10.5.0",
        "status": "affected"
      },
      {
        "version": "10.4.0 to 10.4.1",
        "status": "affected"
      },
      {
        "version": "10.3.0 to 10.3.4",
        "status": "affected"
      },
      {
        "version": "5.12.0 to 5.12.19",
        "status": "affected"
      },
      {
        "version": "10.6.0",
        "status": "unaffected"
      },
      {
        "version": "10.5.1",
        "status": "unaffected"
      },
      {
        "version": "10.3.5 to 10.3.6",
        "status": "unaffected"
      },
      {
        "version": "5.12.22 to 5.12.23",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Jira Service Management Server",
    "versions": [
      {
        "version": "5.12.0 to 5.12.19",
        "status": "affected"
      },
      {
        "version": "5.12.22 to 5.12.23",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
confluence	www.confluence.atlassian.com/pages/viewpage.action
jira	www.jira.atlassian.com/browse/JRASERVER-78766
jira	www.jira.atlassian.com/browse/JSDSERVER-16206

12 Jun 2025 16:20Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.18.8

CVSS 47.2

EPSS0.0029

SSVC

CWE-284