What is the severity of CVE-2025-22157?

CVE-2025-22157 has a CVSS v3 score of 8.8, which is classified as High severity.

Is there an exploit available for CVE-2025-22157?

No known public exploits are currently available for CVE-2025-22157.

Is there a patch available for CVE-2025-22157?

Yes, patches are available for CVE-2025-22157. Check the vendor advisories for update instructions.

CVE-2025-22157 - CVE Details, Severity, and Analysis

Published: May 30, 2026

Last updated:20 hours ago (May 30, 2026)

Updated May 30, 2026

no major risk factors

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:

9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server

5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server

This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.

Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20

Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20

Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5

Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5

Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0

Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0

Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1

Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1

See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center.

This vulnerability was reported via our Atlassian (Internal) program.

Strobes VI. (2026). CVE-2025-22157 - CVE Details and Analysis. Strobes VI. Retrieved May 31, 2026, from https://vi.strobes.co/cve/CVE-2025-22157

Vendor	Product
Atlassian	Jira Server
Atlassian

NVD: This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.

Ready for Agentic Automated Testing?

CVE-2025-22157