Authorization Flaw in Jira Align by Atlassian
CVE-2025-22174

5.3MEDIUM

Key Information:

Vendor

Atlassian
Status
Jira Align
Vendor
CVE Published:
22 October 2025

What is CVE-2025-22174?

An authorization vulnerability in Jira Align allows low-privilege users to access unexpected endpoints, potentially revealing sensitive information such as portfolio rooms without the necessary permissions. This flaw poses a risk of unauthorized data exposure, necessitating prompt remediation measures for affected users.

Affected Version(s)

Jira Align >= 11.14.0 < 11.14.0

Jira Align >= 11.14.1 >= 11.14.1

Jira Align >= 11.15.0 >= 11.15.0

References

https://jira.atlassian.com/browse/JIRAALIGN-8643

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Frank Lycops, NATO Cyber Security Centre
JSON
.
CVE-2025-22174 : Authorization Flaw in Jira Align by Atlassian