CVE-2025-22173: Medium severity Atlassian Jira Align vulnerability
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission.
Frequently Asked Questions
What is the severity of CVE-2025-22173?
CVE-2025-22173 is classified as a low severity vulnerability.
How do I fix CVE-2025-22173?
To fix CVE-2025-22173, ensure that proper authorization checks are implemented for user roles within Jira Align.
Who is affected by CVE-2025-22173?
Atlassian Jira Align deployments that have low-privilege users may be affected by CVE-2025-22173.
What type of information is disclosed by CVE-2025-22173?
CVE-2025-22173 allows low-privilege users to access certain sensitive sprint data without the necessary permissions.
What actions should I take if I am affected by CVE-2025-22173?
If affected by CVE-2025-22173, review user permissions and update access controls to mitigate unauthorized data visibility.