CVE-2025-22166

7.5 HIGH

📋 TL;DR

This high-severity Denial of Service (DoS) vulnerability in Confluence Data Center and Server lets an attacker make the service unavailable to legitimate users. It affects releases from 2.0 onward; the fixed releases are 8.5.25, 9.2.7 and 10.0.2.

💻 Affected Systems

Products:
  • Confluence Data Center
  • Confluence Server
Versions: All releases from 2.0 onward up to the fixed release in each line: 8.5.x before 8.5.25, 9.2.x before 9.2.7, 10.0.x before 10.0.2 (releases from lines with no listed fix, such as 9.3.x, are likewise affected and need upgrading to one of the fixed releases)
Operating Systems: All supported operating systems for Confluence
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability was introduced in version 2.0 and persists in later versions until patched.

📦 What is this software?

Confluence is Atlassian's wiki and team-collaboration platform for documentation and knowledge sharing. Data Center is the self-managed edition (single node or cluster); Server was the single-node self-managed edition and left support in February 2024, so a Server instance on an affected version cannot be patched in place and needs to move to a fixed Data Center release.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption that leaves Confluence unavailable to all users, possibly requiring a restart and causing extended downtime.

🟠 Likely Case

Temporary service degradation or unavailability that disrupts user productivity and collaboration workflows.

🟢 If Mitigated

Minimal impact where network segmentation and access controls limit who can reach the instance.

🌐 Internet-Facing: HIGH - Internet-facing Confluence instances are directly exposed to potential DoS attacks from external threat actors.
🏢 Internal Only: MEDIUM - Internal-only instances are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The High rating and the DoS nature of the flaw suggest that exploitation requires little technical skill. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.5.25, 9.2.7, or 10.0.2 depending on current version

Vendor Advisory: https://confluence.atlassian.com/pages/viewpage.action?pageId=1652920034

Restart Required: Yes

Instructions:

1. Back up the Confluence home directory (and the shared home of a Data Center cluster) and the database.
2. Download the fixed release for your line (8.5.25, 9.2.7 or 10.0.2) from the Atlassian download center. Moving to another line (for example 9.3.x to 10.0.2) is an upgrade and should follow Atlassian's upgrade notes for that path.
3. Stop Confluence (for a Data Center cluster, follow Atlassian's cluster or rolling-upgrade procedure).
4. Install the fixed version with the installer or by unpacking the archive and pointing it at the existing home directory.
5. Start Confluence.
6. Confirm the new version on the System Information page and verify functionality before reopening access.

🔧 Temporary Workarounds

Network Access Restriction (all platforms)

Limit access to the Confluence listener to trusted IP ranges. Confluence listens on TCP 8090 by default (Synchrony, the collaborative-editing service, on 8091); if a reverse proxy or load balancer fronts the instance, apply the restriction there instead. An attacker already inside a trusted range is not blocked by this measure.

# Restrict the Confluence listener to a trusted range; the ACCEPT rule
# must come before the DROP rule. Replace the placeholder range.
TRUSTED=203.0.113.0/24
iptables -A INPUT -p tcp --dport 8090 -s "$TRUSTED" -j ACCEPT
iptables -A INPUT -p tcp --dport 8090 -j DROP

🧯 If You Can't Patch

  • Put Confluence behind a reverse proxy, load balancer or WAF and restrict who can reach it with network segmentation and firewall rules
  • Rate-limit requests per source IP at that perimeter and alert on sustained spikes, so that a single source cannot exhaust the instance

🔍 How to Verify

Check if Vulnerable:

Compare the running version with the fixed releases. The version is shown at Administration → General Configuration → System Information and in the footer of every page; on the server, run the following from the installation directory, since the Confluence core jar carries the version in its file name:

ls confluence/WEB-INF/lib/confluence-*.jar

(confluence-init.properties holds only the confluence.home path, so grepping it for the version returns nothing.)

Verify Fix Applied:

The reported version must be 8.5.25 or later on the 8.5 line, 9.2.7 or later on 9.2, or 10.0.2 or later on 10.0; a version from a line with no listed fix (for example 9.3.x) still needs upgrading. Check every node of a Data Center cluster, then monitor for service stability.
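The comparison above is easy to get wrong when several release lines are in play (8.5.25 is fixed, 9.0.1 is not, even though 9.0.1 is the higher number). The following added example, not Atlassian tooling, applies the page's rule that every release from 2.0 up to the fix in its line is affected, and adds two labelled assumptions: lines with no listed fix (8.6 to 9.1, 9.3 and later 9.x) are treated as affected, and releases above 10.0.2 are assumed to carry the fix. It accepts a bare version, the core jar's file name, or a System Information string.

```python
"""Branch-aware check of Confluence version strings against the fixed
releases named in this advisory: 8.5.25, 9.2.7 and 10.0.2.

Added example, not Atlassian tooling. Assumptions beyond the page: lines
with no listed fix (8.6-9.1, 9.3-9.x) are treated as affected, and
releases above 10.0.2 are assumed to carry the fix."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

FIRST_AFFECTED: Version = (2, 0, 0)
# (major, minor) line -> first fixed release in that line, from the advisory
FIXED_IN_LINE = {(8, 5): (8, 5, 25), (9, 2): (9, 2, 7), (10, 0): (10, 0, 2)}
NEWEST_FIX: Version = max(FIXED_IN_LINE.values())


def parse_version(text: str) -> Version:
    """Extract major.minor[.patch] from '8.5.24', 'confluence-9.2.6.jar'
    or 'Version 10.0.1-rc1'; a missing patch component is taken as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(text: str) -> bool:
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN_LINE.get(v[:2])
    if fixed is not None:
        return v < fixed        # compare only within the same release line
    # No fixed release in this line: affected unless newer than 10.0.2 (assumption)
    return v < NEWEST_FIX


def recommended_fix(text: str) -> Optional[str]:
    """Lowest fixed release that is not a downgrade, or None if already fixed.
    8.5.24 -> 8.5.25 (stay on the LTS line); 9.3.1 -> 10.0.2 (9.2.7 would be a downgrade)."""
    if not is_vulnerable(text):
        return None
    v = parse_version(text)
    target = min(f for f in FIXED_IN_LINE.values() if f > v)
    return ".".join(map(str, target))


if __name__ == "__main__":
    for sample in ("8.5.24", "confluence-9.2.6.jar", "9.3.1", "10.0.2", "1.5.3"):
        print(f"{sample:24} vulnerable={is_vulnerable(sample)!s:5} upgrade_to={recommended_fix(sample)}")
```

Feed it the output of the `ls` command above, one jar name per node, and anything that prints `vulnerable=True` needs the release named in `upgrade_to`.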

📡 Detection & Monitoring

Log Indicators:

  • Unusual traffic patterns
  • Service restart events
  • High resource utilization alerts
  • Connection spikes from single sources

Network Indicators:

  • Abnormal request patterns to Confluence endpoints
  • Traffic spikes from unexpected sources
  • Repeated connection attempts

SIEM Query (Splunk-style; adjust source and field names to your pipeline):

source="atlassian-confluence.log" AND ("OutOfMemoryError" OR "Service Unavailable" OR "connection refused")

Pair this with a per-client request count over the Tomcat access log (conf_access_log.<date>.log under the installation's logs directory) and alert when a single source IP exceeds its baseline.
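The indicators above (connection spikes from single sources, out-of-memory and refused-connection messages) can be checked offline before they are turned into SIEM rules. The following added example, not Atlassian or vendor code, runs that logic over constructed sample lines. It assumes the access log is in combined (Apache-style) format, which Confluence's Tomcat access-log valve can be configured to emit, and matches application-log markers as plain substrings; the request paths and thresholds are illustrative, and the advisory names no specific endpoint.

```python
"""Detection logic for the DoS indicators above, run over constructed sample
log lines. Added example, not Atlassian or vendor code. Assumptions: combined
(Apache-style) access-log format, substring matching of application-log
markers, and illustrative thresholds that should be derived from a baseline."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Application-log markers for the resource-exhaustion symptoms a DoS produces
ERROR_MARKERS = ("OutOfMemoryError", "Service Unavailable", "connection refused", "Too many open files")


def parse_access(line: str) -> Optional[dict]:
    m = ACCESS_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}


def source_spikes(lines: List[str], window: timedelta = timedelta(seconds=60),
                  threshold: int = 100) -> Dict[str, int]:
    """Peak request count per source IP within any sliding `window`, reported
    for sources whose peak reaches `threshold` ('connection spikes from single sources')."""
    stamps_by_ip: Dict[str, list] = defaultdict(list)
    for line in lines:
        rec = parse_access(line)
        if rec:
            stamps_by_ip[rec["ip"]].append(rec["ts"])
    spikes: Dict[str, int] = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            spikes[ip] = peak
    return spikes


def error_hits(lines: List[str]) -> List[str]:
    """Application-log lines containing any resource-exhaustion marker (case-insensitive)."""
    return [line for line in lines if any(mk.lower() in line.lower() for mk in ERROR_MARKERS)]


# --- constructed sample data, not real traffic ---
_BASE = datetime(2025, 1, 15, 10, 0, 0, tzinfo=timezone.utc)


def _access_line(ip: str, ts: datetime, path: str) -> str:
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


# 150 requests in 30 s from one source (path is illustrative, not the vulnerable endpoint)
SAMPLE_ACCESS = [_access_line("198.51.100.7", _BASE + timedelta(milliseconds=200 * i), "/rest/api/content")
                 for i in range(150)]
# a normal user: 5 requests spread over 2 minutes
SAMPLE_ACCESS += [_access_line("203.0.113.9", _BASE + timedelta(seconds=30 * i), "/dashboard.action")
                  for i in range(5)]

SAMPLE_APP_LOG = [
    "2025-01-15 10:00:29,011 INFO [main] [atlassian.confluence.lifecycle] startup Confluence started",
    "2025-01-15 10:00:31,102 ERROR [http-nio-8090-exec-12] [atlassian.confluence.servlet] error java.lang.OutOfMemoryError: Java heap space",
    "2025-01-15 10:00:32,004 WARN [Catalina-utility-1] [atlassian.confluence.cluster] connection refused by node-2",
]

if __name__ == "__main__":
    print("spikes:", source_spikes(SAMPLE_ACCESS))
    for line in error_hits(SAMPLE_APP_LOG):
        print("error marker:", line)
```

A sliding window rather than fixed minute buckets is used so that a burst straddling a minute boundary is not split in two and missed; the same counting logic is what the per-client SIEM aggregation above needs to reproduce.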

🔗 References

  • Atlassian security advisory: https://confluence.atlassian.com/pages/viewpage.action?pageId=1652920034
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-22166
