Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process.
The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and presents a significant risk to organizations relying on Jira for project management and issue tracking.
https://cyberpress.org/critical-jira-vu ... vm-access/