Jira Flaw Lets Hackers Write Files on Data Center Servers
Atlassian has issued security updates to fix a high-severity vulnerability in Jira Software and Jira Service Management running in Data Center and Server deployments. The flaw, tracked as CVE-2025-22167, is a path traversal weakness that lets attackers write arbitrary files on affected systems. This exposure poses a significant risk to organizations relying on these platforms for project tracking and service operations.
The vulnerability affects several Jira deployments and, if left unpatched, could allow attackers to gain deeper access to internal infrastructure. Atlassian’s advisory urges users to apply the latest patches immediately to prevent potential exploitation. The flaw lets attackers target the file system directly, bypassing normal access controls and potentially planting malicious files.
Additional vulnerabilities disclosed include CVE-2025-11371, CVE-2025-54253, CVE-2025-27915, and earlier issues CVE-2023-22523, CVE-2023-22522, and CVE-2023-22501. Organizations should review and update their systems accordingly.
Read the full article here: https://securityonline.info/jira-path-traversal-flaw-cve-2025-22167-allows-arbitrary-file-write-on-server-data-center/
