Rewterz

Multiple Atlassian Jira Align Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-22178 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page.

CVE-2025-22174 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.

CVE-2025-22173 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission.

CVE-2025-22172 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission.

CVE-2025-22170 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could perform it if they included a particular state-related parameter of a user with sufficient privileges to perform the action.

CVE-2025-22169 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.

CVE-2025-22176 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items.

CVE-2025-22177 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews.

CVE-2025-22175 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.

CVE-2025-22171 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users.

CVE-2025-22168 CVSS:5.3

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.

Impact

  • Gain Access
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-22178
  • CVE-2025-22174
  • CVE-2025-22173
  • CVE-2025-22172
  • CVE-2025-22170
  • CVE-2025-22169
  • CVE-2025-22176
  • CVE-2025-22177
  • CVE-2025-22175
  • CVE-2025-22171
  • CVE-2025-22168

Affected Vendors

Atlassian

Affected Products

  • Atlassian Jira Align 11.14.0
  • Atlassian Jira Align 11.14.1
  • Atlassian Jira Align 11.15.0
  • Atlassian Jira Align 11.15.1
  • Atlassian Jira Align 11.16.0

Remediation

Refer to Atlassian Jira Security Advisory for patch, upgrade, or suggested workaround information.

  • CVE-2025-22178
  • CVE-2025-22174
  • CVE-2025-22173
  • CVE-2025-22172
  • CVE-2025-22170
  • CVE-2025-22169
  • CVE-2025-22176
  • CVE-2025-22177
  • CVE-2025-22175
  • CVE-2025-22171
  • CVE-2025-22168