CVE-2025-22166

21.10.2025, 16:15

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center.

This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network.

Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25
Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7
Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2

See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).

This vulnerability was reported via our Atlassian (Internal) program.

Amplification

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
atlassian	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Common Weakness Enumeration

CWE-405 - Asymmetric Resource Consumption (Amplification)
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

Vulnerability Media Exposure

[GERMAN] Atlassian Jira Data Center: Angreifer können Daten abgreifen
Sicherheitsupdates lösen IT-Sicherheitsprobleme in Atlassian Confluence Data Center und Jira Data Center.
Published: 2025-10-24T10:20:00+00:00

References

https://confluence.atlassian.com/pages/viewpage.action?pageId=1652920034

https://jira.atlassian.com/browse/CONFSERVER-100907