Privilege Escalation Vulnerability in Jira Core and Service Management
CVE-2025-22157

7.2 HIGH

What is CVE-2025-22157?

CVE-2025-22157 is a high-severity privilege escalation vulnerability affecting the Atlassian products Jira Core Data Center and Jira Service Management. The vulnerability exists in versions 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core, as well as versions 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management. With a CVSS score of 7.2, it allows an attacker to perform actions with the permissions of a higher-privileged user. This can severely compromise the integrity of an organization’s data and systems, allowing unauthorized individuals to gain elevated access, make unauthorized changes, or potentially expose sensitive information. Organizations relying on these Jira systems for project management and workflow automation should prioritize addressing this vulnerability to safeguard their operational integrity and data security.

Potential impact of CVE-2025-22157

  1. Unauthorized Access and Data Manipulation: The vulnerability can enable attackers to escalate their privileges, allowing them to access, modify, or delete sensitive data within the Jira platform. Such access could lead to unauthorized changes in project statuses, user permissions, or sensitive information exposure.

  2. Compromise of System Integrity: With elevated privileges, an attacker can alter system configurations and workflows, potentially enabling further exploitation and malicious modifications that undermine the integrity of the applications and processes that rely on Jira.

  3. Escalation to Broader Network Attacks: Once an attacker successfully exploits this vulnerability, they can leverage their newly acquired privileges to pivot into adjacent systems or applications integrated with Jira. This lateral movement could facilitate a more extensive compromise across the organization, putting additional sensitive systems at risk.

Affected Version(s)

Jira Core Data Center 10.5.0

Jira Core Data Center 10.4.0 to 10.4.1

Jira Core Data Center 10.3.0 to 10.3.4

References

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Internal (Atlassian)