Threat Advisory

Jira Software Vulnerability Lets Attacker Modify Any Filesystem Path Writable by JVM Process

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A high-severity path traversal vulnerability in Jira Software Data Center and Server (CVE-2025-22167, CVSS 8.7) allows an authenticated attacker to write arbitrary files to any filesystem path writable by the JVM process. The flaw affects versions 9.12.0 through 11.0.1 and lets low-privilege users submit crafted requests containing traversal sequences (e.g., "../") to bypass path restrictions and reach sensitive directories. Remote exploitation is possible without user interaction.

RECOMMENDATION:

We strongly recommend updating Jira Software Data Center and Server to version 9.12.28 or later for the 9.x series, 10.3.12 or later for the 10.x series, and 11.1.0 or later for the 11.x branch.
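As an added example (not part of this advisory or of Atlassian's tooling), the following Python helper checks Jira Software version strings against the affected range and fixed releases stated above, so an inventory can be triaged before patching; the hostnames and versions in the sample are constructed.

```python
# Added example: triage Jira Software Data Center / Server versions against
# the CVE-2025-22167 ranges given in the advisory.
# Affected: 9.12.0 through 11.0.1. Fixed: 9.12.28 (9.x), 10.3.12 (10.x), 11.1.0 (11.x).
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_FROM: Version = (9, 12, 0)
AFFECTED_TO: Version = (11, 0, 1)
# First fixed release per major branch, taken from the advisory's recommendation.
FIXED_BY_MAJOR: Dict[int, Version] = {9: (9, 12, 28), 10: (10, 3, 12), 11: (11, 1, 0)}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (e.g. '10.3.11'); missing fields default to 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jira version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (vulnerable, recommended_fix_version) for one Jira version string.

    A version is vulnerable when it lies inside the affected range and is older
    than the first fixed release of its major branch. The recommended fix is the
    branch's first fixed release, or None when no upgrade is needed.
    """
    v = parse_version(version_text)
    in_range = AFFECTED_FROM <= v <= AFFECTED_TO
    if not in_range or v >= FIXED_BY_MAJOR[v[0]]:
        return False, None
    return True, ".".join(str(n) for n in FIXED_BY_MAJOR[v[0]])


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> version over an inventory; return hostname -> fix for vulnerable hosts only."""
    result: Dict[str, str] = {}
    for host, version in inventory.items():
        vulnerable, fix = assess(version)
        if vulnerable and fix is not None:
            result[host] = fix
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames, not real systems).
    sample = {"jira-a": "9.12.10", "jira-b": "10.3.12", "jira-c": "11.0.1", "jira-d": "9.4.0"}
    for host, fix in triage(sample).items():
        print(f"{host}: vulnerable, upgrade to {fix}")
```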

REFERENCES:

The following reports contain further technical details: