CVE-2025-22166

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center.

This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network.

Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
 Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25
 Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7
 Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2

See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).

This vulnerability was reported via our Atlassian (Internal) program.
Amplification
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
atlassianCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
atlassianconfluence_data_center
8.5.0 ≤
𝑥
< 8.5.25
atlassianconfluence_data_center
9.2.0 ≤
𝑥
< 9.2.7
atlassianconfluence_data_center
10.0.0 ≤
𝑥
< 10.0.2
atlassianconfluence_server
8.5.0 ≤
𝑥
< 8.5.25
atlassianconfluence_server
9.2.0 ≤
𝑥
< 9.2.7
atlassianconfluence_server
10.0.0 ≤
𝑥
< 10.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://confluence.atlassian.com/pages/viewpage.action?pageId=1652920034
https://jira.atlassian.com/browse/CONFSERVER-100907