CVE-2025-22166

Medienbericht

EPSS 0.05%
Veröffentlicht 21.10.2025 16:15:37
Zuletzt bearbeitet 05.12.2025 19:22:44
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center.

This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network.

Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
 Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25
 Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7
 Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2

See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).

This vulnerability was reported via our Atlassian (Internal) program.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Confluence Data Center Version >= 8.5.0 < 8.5.25

Atlassian ≫ Confluence Data Center Version >= 9.2.0 < 9.2.7

Atlassian ≫ Confluence Data Center Version >= 10.0.0 < 10.0.2

Atlassian ≫ Confluence Server Version >= 8.5.0 < 8.5.25

Atlassian ≫ Confluence Server Version >= 9.2.0 < 9.2.7

Atlassian ≫ Confluence Server Version >= 10.0.0 < 10.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@atlassian.com	8.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

https://www.heise.de/news/Atlassian-Jira-Data-Center-Angreifer-koennen-Daten-abgreifen-10851118.html

Medienbericht

heise Security

https://confluence.atlassian.com/pages/viewpage.action?pageId=1652920034

Vendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-100907

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-22166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22166

EUVD