CVE-2025-22167

CWE-22: Path Traversal
3 documents, 3 sources

Severity: 8.7 HIGH
EPSS: 0.1% (top 76.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22

Description

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions 9.12.0 and 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem path writable by the Jira JVM process. Atlassian recommends that Jira Software Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to on

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (4 packages)

Source | Package | Versions
CVEListV5 | atlassian/jira_software_data_center | 10.3.0 to 10.3.11, 11.0.0 to 11.0.1, 9.12.0 to 9.12.27 (+2)
NVD | atlassian/jira_data_center | 9.12.0, 9.12.28 (+2)
CVEListV5 | atlassian/jira_software_server | 9.12.0 to 9.12.27
NVD | atlassian/jira_server | 9.12.0, 9.12.28 (+2)

Vulnerability Details (2)

GHSA | GHSA-wvj6-fjwf-f68m: This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9 | 2025-10-22
CVEList | CVE-2025-22167: This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9 | 2025-10-22