Authorization Issue in Jira Align by Atlassian
CVE-2025-22177

5.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Align
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-22177?

Jira Align by Atlassian has a vulnerability that permits low-privilege users to gain unauthorized access to certain endpoints, leading to the exposure of limited sensitive information. This issue could potentially allow unauthorized visibility into team overviews that were not intended for their user level, compromising the confidentiality of organizational data.

Affected Version(s)

Jira Align >= 11.14.0 < 11.14.0

Jira Align >= 11.14.1 >= 11.14.1

Jira Align >= 11.15.0 >= 11.15.0

References

https://jira.atlassian.com/browse/JIRAALIGN-8646

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

Frank Lycops, NATO Cyber Security Centre

JSON