Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Atlassian Data Center and Server
Alerts

Multiple Vulnerabilities in Atlassian Data Center and Server

26 May 2025

Atlassian has released security updates addressing multiple vulnerabilities affecting their Data Center and Server products. Users and administrators of affected products are advised to update to the latest versions.

Multiple Vulnerabilities in Atlassian Data Center and Server

Background

Atlassian has released security updates addressing multiple vulnerabilities (CVE-2024-47072, CVE-2025-31650, CVE-2025-22157, CVE-2025-24970 and CVE-2024-57699) affecting their Data Center and Server products.

Impact

The vulnerabilities are:

CVE-2024-47072: Successful exploitation of the vulnerability could allow an attacker to inject malicious inputs to cause stack overflows and conduct Denial of Service (DoS) attacks.

CVE-2025-31650: Successful exploitation of the improper input validation vulnerability could allow an unauthenticated attacker to send maliciously crafted requests and result in memory leakage and crashing of affected application.

CVE-2025-22157: Successful exploitation of the vulnerability could allow an authenticated attacker to execute privileged commands, potentially disclosing sensitive information.

CVE-2025-24970: Successful exploitation of the vulnerability could allow an attacker to send maliciously crafted packets and result in a crash.

CVE-2024-57699: Successful exploitation of the vulnerability could allow an attacker to send a specially crafted JSON, potentially leading to Denial of Service (DoS) attack.

Affected products

The vulnerabilities affect the following products:

CVE-2024-47072 and CVE-2025-31650:

Confluence Data Center and Server versions

  • 9.4.0

  • 9.3.1 to 9.3.2

  • 9.2.0 to 9.2.3 (LTS)

  • 9.1.0 to 9.1.1

  • 9.0.1 to 9.0.3

  • 8.9.0 to 8.9.8

  • 8.8.0 to 8.8.1

  • 8.7.1 to 8.7.2

  • 8.6.0 to 8.6.2

  • 8.5.0 to 8.5.21 (LTS)

  • 7.13.18 to 7.13.20 (LTS)

CVE-2025-31650:

Bamboo Data Center and Server versions

  • 11.0.0

  • 10.2.0 to 10.2.3 (LTS)

  • 10.1.0 to 10.1.1

  • 10.0.0 to 10.0.3

  • 9.6.0 to 9.6.12 (LTS)

CVE-2025-22157 and CVE-2025-24970:

Jira Data Center and Server versions

  • 10.5.0 to 10.5.1

  • 10.4.0 to 10.4.1

  • 10.3.0 to 10.3.4 (LTS)

  • 10.2.0 to 10.2.1

  • 10.1.1 to 10.1.2

  • 10.0.0 to 10.0.1

  • 9.17.0 to 9.17.5

  • 9.16.0 to 9.16.1

  • 9.15.2

  • 9.14.0 to 9.14.1

  • 9.13.0 to 9.13.1

  • 9.12.0 to 9.12.19 (LTS)

  • 9.11.3

Jira Service Management Data Center versions

  • 10.5.0 to 10.5.1

  • 10.4.0 to 10.4.1

  • 10.3.0 to 10.3.4 (LTS)

  • 10.2.0 to 10.2.1

  • 10.1.1 to 10.1.2

  • 10.0.0 to 10.0.1

  • 5.17.0 to 5.17.5

  • 5.16.0 to 5.16.1

  • 5.15.2

  • 5.14.0 to 5.14.1

  • 5.13.0 to 5.13.1

  • 5.12.0 to 5.12.19 (LTS)

  • 5.11.3

CVE-2024-57699:

  • Fisheye/Crucible version 4.9.0

Mitigation

Users and administrators of affected products are advised to update to the latest versions.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47072

https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html

https://cybersecuritynews.com/atlassian-data-center-server/

Back to top