CVE-2025-22167

🗓️ 22 Oct 2025 01:00:06Reported by atlassianType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 47 Views

High severity path traversal in Jira Data Center and Server allows arbitrary writes by the Jira JVM; upgrade to fixed versions.

Reporter	Title	Published	Views	Family All 15
GithubExploit	Exploit for CVE-2025-22167	27 Oct 202502:23	–	githubexploit
Circl	CVE-2025-22167	22 Oct 202503:10	–	circl
CNNVD	Atlassian Jira Software Data Center and Server 安全漏洞	22 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-22167	22 Oct 202501:00	–	cvelist
EUVD	EUVD-2025-35307	22 Oct 202501:00	–	euvd
Tenable Nessus	Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.28 / 10.3.x < 10.3.12 / 11.0.x < 11.1.0 (JSDSERVER-16409)	22 Jan 202600:00	–	nessus
Tenable Nessus	Atlassian Jira 9.12.x < 9.12.28 Path Traversal	24 Oct 202500:00	–	nessus
Tenable Nessus	Atlassian Jira 10.3.x < 10.3.12 Path Traversal	24 Oct 202500:00	–	nessus
Tenable Nessus	Atlassian Jira 11.x < 11.1.0 Path Traversal	24 Oct 202500:00	–	nessus
Atlassian	Path Traversal (Arbitrary Write) in Jira Service Management Data Center and Server Data Center and Server	15 Oct 202504:47	–	atlassian

NVD

Node

atlassian jira_data_centerRange9.12.0–9.12.28

atlassian jira_data_centerRange10.3.0–10.3.12

atlassian jira_data_centerRange11.0.0–11.1.0

atlassian jira_serverRange9.12.0–9.12.28

atlassian jira_serverRange10.3.0–10.3.12

atlassian jira_serverRange11.0.0–11.1.0

[
  {
    "vendor": "Atlassian",
    "product": "Jira Software Data Center",
    "versions": [
      {
        "version": "11.0.0 to 11.0.1",
        "status": "affected"
      },
      {
        "version": "10.3.0 to 10.3.11",
        "status": "affected"
      },
      {
        "version": "9.12.0 to 9.12.27",
        "status": "affected"
      },
      {
        "version": "11.1.0 to 11.1.1",
        "status": "unaffected"
      },
      {
        "version": "10.3.12",
        "status": "unaffected"
      },
      {
        "version": "9.12.28",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Jira Software Server",
    "versions": [
      {
        "version": "9.12.0 to 9.12.27",
        "status": "affected"
      },
      {
        "version": "9.12.28",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JSWSERVER-26552
confluence	www.confluence.atlassian.com/pages/viewpage.action

05 Dec 2025 00:38Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.5

CVSS 48.7

EPSS0.00083

SSVC

CWE-22