CVE-2025-22170

4.3 MEDIUM

📋 TL;DR

Jira Align has an authorization bypass vulnerability where low-privilege users can perform actions they shouldn't by including a state-related parameter from a privileged user. This affects all Jira Align instances where users have different permission levels.

💻 Affected Systems

Products:
  • Atlassian Jira Align
Versions: Specific versions not specified in CVE, but all versions before the fix are likely affected
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Jira Align deployments with multiple user permission levels. Cloud instances may be automatically patched by Atlassian.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Low-privilege users could perform administrative actions, modify critical data, or escalate their privileges to gain full system control.

🟠 Likely Case

Users could perform actions outside their intended permissions, potentially modifying project data, settings, or accessing restricted information.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to minor unauthorized actions that could be detected and rolled back.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated low-privilege user and knowledge of privileged user's state parameter. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Atlassian advisory for specific fixed versions

Vendor Advisory: https://jira.atlassian.com/browse/JIRAALIGN-8639

Restart Required: No

Instructions:

1. Check the Atlassian advisory for the fixed version.
2. Update Jira Align to the patched version.
3. For cloud instances, verify that Atlassian has applied the patch.

🔧 Temporary Workarounds

Temporary Access Restriction

all

Limit low-privilege user access to only essential functions while awaiting patch

🧯 If You Can't Patch

  • Implement strict access controls and principle of least privilege
  • Enable detailed audit logging for all user actions and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Jira Align version against Atlassian's advisory. Test with low-privilege user attempting actions with privileged user parameters.

Check Version:

Check the Jira Align administration panel, or consult Atlassian documentation for the version-check command.

Verify Fix Applied:

Verify Jira Align version is updated to patched version. Test that low-privilege users can no longer perform unauthorized actions with privileged parameters.

📡 Detection & Monitoring

Log Indicators:

  • Unusual user actions from low-privilege accounts
  • Failed authorization attempts followed by successful privileged actions

Network Indicators:

  • Requests containing state parameters from different user sessions

SIEM Query:

source="jira-align" AND (user.privilege="low" AND action="privileged_operation")
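The two log indicators and the SIEM query above can be turned into a small offline detector. The following is an added example, not Atlassian's code or part of this advisory; it assumes a constructed JSON audit-log format with fields `ts`, `user`, `privilege`, `action` and `result`, and an assumed set of privileged action names. A real Jira Align audit export will need its own parser and action list.

```python
"""Detector for the two log indicators: (1) a successful privileged action by a
low-privilege account, (2) an authorization denial followed by a success on the
same action by the same user within a short window.

Added example; log format, field names and privileged-action names are assumptions.
"""
import json
from datetime import datetime

# Constructed sample audit lines (not real Jira Align output).
SAMPLE_LOG = [
    '{"ts":"2025-01-10T09:00:00Z","user":"alice","privilege":"low","action":"view_board","result":"success"}',
    '{"ts":"2025-01-10T09:00:05Z","user":"alice","privilege":"low","action":"update_settings","result":"denied"}',
    '{"ts":"2025-01-10T09:00:09Z","user":"alice","privilege":"low","action":"update_settings","result":"success"}',
    '{"ts":"2025-01-10T09:01:00Z","user":"bob","privilege":"admin","action":"update_settings","result":"success"}',
    '{"ts":"2025-01-10T09:02:00Z","user":"carol","privilege":"low","action":"delete_program","result":"success"}',
    '{"ts":"2025-01-10T09:30:00Z","user":"dave","privilege":"low","action":"update_settings","result":"denied"}',
    '{"ts":"2025-01-10T10:30:00Z","user":"dave","privilege":"low","action":"update_settings","result":"success"}',
]

# Assumed names of privileged operations; tune to your deployment's audit vocabulary.
PRIVILEGED_ACTIONS = {"update_settings", "delete_program", "change_role"}


def parse(lines):
    """Parse JSON audit lines into dicts with a datetime `ts`, sorted by time."""
    events = []
    for line in lines:
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def low_priv_privileged_success(events):
    """Indicator 1 (the SIEM query): low-privilege user completing a privileged action."""
    return [
        e for e in events
        if e["privilege"] == "low"
        and e["action"] in PRIVILEGED_ACTIONS
        and e["result"] == "success"
    ]


def denied_then_success(events, window_seconds=300):
    """Indicator 2: a denied authorization followed by success on the same
    (user, action) pair within `window_seconds`. Returns the success events."""
    hits = []
    last_denied = {}  # (user, action) -> timestamp of the most recent denial
    for e in events:
        key = (e["user"], e["action"])
        if e["result"] == "denied":
            last_denied[key] = e["ts"]
        elif e["result"] == "success" and key in last_denied:
            if (e["ts"] - last_denied[key]).total_seconds() <= window_seconds:
                hits.append(e)
            del last_denied[key]
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for e in low_priv_privileged_success(evs):
        print("low-priv privileged action:", e["user"], e["action"], e["ts"])
    for e in denied_then_success(evs):
        print("denied-then-success:", e["user"], e["action"], e["ts"])
```

Hits from the second check are the stronger signal, since a denial immediately followed by a success on the same action is what a bypass attempt would look like in the audit trail; the first check is noisier and should be reviewed against the account's intended role before escalating.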
