Multiple Vulnerabilities in Atlassian Data Center and Server
26 May 2025
Atlassian has released security updates addressing multiple vulnerabilities affecting their Data Center and Server products. Users and administrators of affected products are advised to update to the latest versions.
Background
Atlassian has released security updates addressing multiple vulnerabilities (CVE-2024-47072, CVE-2025-31650, CVE-2025-22157, CVE-2025-24970 and CVE-2024-57699) affecting their Data Center and Server products.
Impact
The vulnerabilities are:
CVE-2024-47072: Successful exploitation of the vulnerability could allow an attacker to inject malicious inputs to cause stack overflows and conduct Denial of Service (DoS) attacks.
CVE-2025-31650: Successful exploitation of the improper input validation vulnerability could allow an unauthenticated attacker to send maliciously crafted requests, resulting in memory leakage and a crash of the affected application.
CVE-2025-22157: Successful exploitation of the vulnerability could allow an authenticated attacker to execute privileged commands, potentially disclosing sensitive information.
CVE-2025-24970: Successful exploitation of the vulnerability could allow an attacker to send maliciously crafted packets and result in a crash.
CVE-2024-57699: Successful exploitation of the vulnerability could allow an attacker to send a specially crafted JSON, potentially leading to a Denial of Service (DoS) attack.
Affected products
The vulnerabilities affect the following products:
CVE-2024-47072 and CVE-2025-31650:
Confluence Data Center and Server versions
9.4.0
9.3.1 to 9.3.2
9.2.0 to 9.2.3 (LTS)
9.1.0 to 9.1.1
9.0.1 to 9.0.3
8.9.0 to 8.9.8
8.8.0 to 8.8.1
8.7.1 to 8.7.2
8.6.0 to 8.6.2
8.5.0 to 8.5.21 (LTS)
7.13.18 to 7.13.20 (LTS)
CVE-2025-31650:
Bamboo Data Center and Server versions
11.0.0
10.2.0 to 10.2.3 (LTS)
10.1.0 to 10.1.1
10.0.0 to 10.0.3
9.6.0 to 9.6.12 (LTS)
CVE-2025-22157 and CVE-2025-24970:
Jira Data Center and Server versions
10.5.0 to 10.5.1
10.4.0 to 10.4.1
10.3.0 to 10.3.4 (LTS)
10.2.0 to 10.2.1
10.1.1 to 10.1.2
10.0.0 to 10.0.1
9.17.0 to 9.17.5
9.16.0 to 9.16.1
9.15.2
9.14.0 to 9.14.1
9.13.0 to 9.13.1
9.12.0 to 9.12.19 (LTS)
9.11.3
Jira Service Management Data Center versions
10.5.0 to 10.5.1
10.4.0 to 10.4.1
10.3.0 to 10.3.4 (LTS)
10.2.0 to 10.2.1
10.1.1 to 10.1.2
10.0.0 to 10.0.1
5.17.0 to 5.17.5
5.16.0 to 5.16.1
5.15.2
5.14.0 to 5.14.1
5.13.0 to 5.13.1
5.12.0 to 5.12.19 (LTS)
5.11.3
CVE-2024-57699:
Fisheye/Crucible version 4.9.0
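To triage an inventory against the ranges above, the following added example (not part of the original advisory or any Atlassian tooling) parses the advisory's "X to Y" lines and compares versions numerically, so that 8.5.9 is correctly placed inside 8.5.0 to 8.5.21. Only the Confluence and Bamboo lists are embedded, and a result of "not listed" means only that the version is absent from this advisory's ranges.

```python
import re

# Ranges copied from the advisory text above (Confluence and Bamboo only, to keep
# the example short); the other products' lists use the same line format.
ADVISORY = """
Confluence Data Center and Server
9.4.0
9.3.1 to 9.3.2
9.2.0 to 9.2.3 (LTS)
9.1.0 to 9.1.1
9.0.1 to 9.0.3
8.9.0 to 8.9.8
8.8.0 to 8.8.1
8.7.1 to 8.7.2
8.6.0 to 8.6.2
8.5.0 to 8.5.21 (LTS)
7.13.18 to 7.13.20 (LTS)
Bamboo Data Center and Server
11.0.0
10.2.0 to 10.2.3 (LTS)
10.1.0 to 10.1.1
10.0.0 to 10.0.3
9.6.0 to 9.6.12 (LTS)
"""

RANGE = re.compile(r"^(\d+\.\d+\.\d+)(?: to (\d+\.\d+\.\d+))?(?: \(LTS\))?$")

def vkey(version):
    # Compare as integer tuples: as strings, "8.5.9" would sort after "8.5.21".
    return tuple(int(part) for part in version.split("."))

def parse_ranges(text):
    ranges, product = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RANGE.match(line)
        if m:  # a single version ("9.4.0") is a range with equal bounds
            lo = vkey(m.group(1))
            hi = vkey(m.group(2)) if m.group(2) else lo
            ranges.setdefault(product, []).append((lo, hi))
        else:  # any non-version line starts a new product section
            product = line
    return ranges

def is_affected(ranges, product, version):
    v = vkey(version)
    return any(lo <= v <= hi for lo, hi in ranges.get(product, []))

RANGES = parse_ranges(ADVISORY)
```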
Mitigation
Users and administrators of affected products are advised to update to the latest versions.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-47072
https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html