Authorization Vulnerability in Jira Align by Atlassian
CVE-2025-22172
5.3 MEDIUM
What is CVE-2025-22172?
Jira Align contains an authorization vulnerability that allows low-privilege users to access sensitive endpoints, which can inadvertently disclose limited sensitive information. Notably, the flaw lets users with insufficient permissions view external reports that should be restricted, which risks exposing confidential data. Proper access controls are essential to prevent unauthorized information access in affected versions.
Affected Version(s)
Jira Align >= 11.14.0 < 11.14.0
Jira Align >= 11.14.1 >= 11.14.1
Jira Align >= 11.15.0 >= 11.15.0