Authorization Flaw in Jira Align Affects User Privilege Management
CVE-2025-22170

5.3MEDIUM

Key Information:

Vendor

Atlassian
Status
Jira Align
Vendor
CVE Published:
22 October 2025

What is CVE-2025-22170?

Jira Align contains a significant authorization issue that enables low-privilege users to manipulate state-related parameters linked to privileged users. This loophole may allow unauthorized actions to be performed, compromising the integrity of user permissions and potentially leading to unauthorized data access. Organizations utilizing Jira Align should promptly assess their security posture and implement necessary mitigations.

Affected Version(s)

Jira Align >= 11.14.0 < 11.14.0

Jira Align >= 11.14.1 >= 11.14.1

Jira Align >= 11.15.0 >= 11.15.0

References

https://jira.atlassian.com/browse/JIRAALIGN-8639

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Frank Lycops, NATO Cyber Security Centre
JSON
.
CVE-2025-22170 : Authorization Flaw in Jira Align Affects User Privilege Management