CVE-2025-22170

🗓️ 22 Oct 2025 16:30:04Reported by atlassianType

CVE-2025-22170: Jira Align has an authorization flaw enabling a low-privilege user to act using a privileged user's state parameter.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2025-22170	22 Oct 202517:13	–	circl
CNNVD	Atlassian Jira Align 安全漏洞	22 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-22170	22 Oct 202516:30	–	cvelist
EUVD	EUVD-2025-35601	22 Oct 202516:30	–	euvd
NVD	CVE-2025-22170	22 Oct 202517:15	–	nvd
RedhatCVE	CVE-2025-22170	23 Oct 202518:14	–	redhatcve
Vulnrichment	CVE-2025-22170	22 Oct 202516:30	–	vulnrichment

NVD

Node

atlassian jira_alignRange11.14.0–11.16.1

[
  {
    "vendor": "Atlassian",
    "product": "Jira Align",
    "versions": [
      {
        "version": "< 11.14.0",
        "status": "unaffected"
      },
      {
        "version": ">= 11.14.0",
        "status": "affected"
      },
      {
        "version": ">= 11.14.1",
        "status": "affected"
      },
      {
        "version": ">= 11.15.0",
        "status": "affected"
      },
      {
        "version": ">= 11.15.1",
        "status": "affected"
      },
      {
        "version": ">= 11.16.0",
        "status": "affected"
      },
      {
        "version": ">= 11.16.1",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JIRAALIGN-8639

24 Oct 2025 14:24Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.3

CVSS 45.3

EPSS0.00037

SSVC

CWE-285