Path Traversal Vulnerability in Jira Software Data Center and Server by Atlassian
CVE-2025-22167 
Key Information:
- Vendor: Atlassian
- CVE Published: 22 October 2025
What is CVE-2025-22167?
CVE-2025-22167 is a high-severity vulnerability in Jira Software Data Center and Server, developed by Atlassian. It is a Path Traversal (Arbitrary Write) flaw: an attacker can cause Jira to write to any filesystem path that the Jira JVM process has permission to write, rather than only to the location the application intended. It carries a CVSS v4 score of 8.7 (High). Because the primitive is a write, the direct consequence is unauthorized modification or overwriting of files the process can reach; depending on which files those are, that can mean data corruption, application malfunction or loss of service, jeopardizing the integrity and availability of the organization's data.
The affected releases are Jira Software Data Center 9.12.0 through 9.12.27, 10.3.0 through 10.3.11, and 11.0.0 through 11.0.1. Organizations running any of these versions remain at risk until they upgrade to a fixed release. A public proof of concept exists and exploitation is known, so leaving the flaw unpatched exposes sensitive data and operational stability to attack.
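The bug class behind this CVE is shown below as an added example. It is not Atlassian's code and does not reproduce the actual Jira code path, which the advisory does not publish; the base directory, file names and the `writeVulnerable`/`writeSafe` methods are assumptions for the demonstration. The vulnerable method resolves a caller-supplied name against a directory the process may write, so `../` segments escape it; the hardened method normalises the path, proves it is still inside the base directory, and checks the real path of any existing parent so a symlink cannot redirect the write.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added illustration of a path-traversal arbitrary-write bug and its fix.
 * Not Jira's code: the directory layout and method names are assumptions.
 */
public class TraversalWriteDemo {

    // Assumed: a directory the application process is allowed to write into.
    private final Path baseDir;

    public TraversalWriteDemo(Path baseDir) throws IOException {
        // toRealPath() resolves symlinks and requires the directory to exist.
        this.baseDir = baseDir.toRealPath();
    }

    /** Vulnerable: trusts the caller-supplied name; "../" segments escape baseDir. */
    public Path writeVulnerable(String userSuppliedName, byte[] data) throws IOException {
        Path target = baseDir.resolve(userSuppliedName); // no normalisation, no containment check
        Files.createDirectories(target.getParent());
        return Files.write(target, data);
    }

    /** Hardened: normalise, then prove the result is still inside baseDir. */
    public Path writeSafe(String userSuppliedName, byte[] data) throws IOException {
        // Absolute input must be rejected: resolve() would discard baseDir entirely.
        Path supplied = Paths.get(userSuppliedName);
        if (supplied.isAbsolute()) {
            throw new IllegalArgumentException("absolute path rejected: " + userSuppliedName);
        }
        // normalize() collapses "." and ".." first; only then is startsWith meaningful.
        Path target = baseDir.resolve(supplied).normalize();
        if (target.equals(baseDir) || !target.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSuppliedName);
        }
        // Symlink defence: an existing parent's real location must also be inside baseDir.
        Path parent = target.getParent();
        if (Files.exists(parent) && !parent.toRealPath().startsWith(baseDir)) {
            throw new IllegalArgumentException("symlinked parent escapes base directory");
        }
        Files.createDirectories(parent);
        return Files.write(target, data);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox for the demo, not a real Jira home directory.
        Path base = Files.createTempDirectory("jira-demo-home");
        TraversalWriteDemo demo = new TraversalWriteDemo(base);
        byte[] payload = "overwritten".getBytes();

        // Vulnerable path: the write lands one level above the sandbox.
        Path escaped = demo.writeVulnerable("../escaped-" + base.getFileName() + ".txt", payload);
        System.out.println("vulnerable wrote to: " + escaped.normalize());

        // Hardened path: the same traversal input is refused ...
        try {
            demo.writeSafe("../escaped.txt", payload);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened refused: " + e.getMessage());
        }
        // ... while a legitimate relative name still works.
        System.out.println("hardened wrote to: " + demo.writeSafe("attachments/ok.txt", payload));

        Files.deleteIfExists(escaped.normalize());
    }
}
```

Run it with `java TraversalWriteDemo.java`. Note that `Path.startsWith` compares whole path components, so `/srv/app` does not match `/srv/app-other`; a string-based prefix check would, which is a second, subtler traversal bug.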
Potential impact of CVE-2025-22167
- Unauthorized File Manipulation: an attacker can modify or overwrite any file that the Jira JVM process is permitted to write, which on a typical deployment includes Jira's own home directory. The primitive is a write, not a read, so whether sensitive information is also exposed depends on which files the process can reach and what Jira does with them afterwards.
- Data Corruption and Loss: overwriting files the application depends on can corrupt data or make Jira malfunction, with knock-on effects on the business processes and decisions that rely on it.
- Service Disruption: a write into the wrong location can take Jira offline, interrupting the workflows that depend on it and causing downtime for the services built around it.
Affected Version(s)
Jira Software Data Center 11.0.0 to 11.0.1
Jira Software Data Center 10.3.0 to 10.3.11
Jira Software Data Center 9.12.0 to 9.12.27
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. Once public, it is also a key input to weaponization, up to and including ransomware deployment, which is why a public PoC raises the urgency of patching.
News Articles
- Critical Jira Vulnerability Enables Arbitrary File Modification via JVM Access (2 weeks before this page's capture date): "The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and presents a significant risk"
Severity
CVSS v4 base score 8.7 (High)
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by Cyber Press
- Vulnerability published
- Vulnerability reserved