—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Atlassian Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Bamboo Data Center and Server

Fisheye/Crucible

Jira Data Center and Server

Jira Service Management Data Center and Server

Overview

Multiple vulnerabilities have been reported in Atlassian Products which could allow an attacker to perform Path Traversal (Arbitrary Write), HTTP Request Smuggling, SMTP Injection or cause DoS (Denial of Service) conditions on the targeted system.

Target Audience:

Individuals and organisational users of the above mentioned Atlassian products.

Risk Assessment:

High risk of sensitive information disclosure, resource exhaustion or session hijacking.

Impact Assessment:

Potential for unauthorized access, service disruption or system compromise.

Description

Atlassian products are used by software development teams, IT operations, project management professionals and business teams. Some of the products in the Atlassian suite include Jira, Fisheye and Bamboo.

Multiple vulnerabilities have been reported in various Atlassian Products.

Solution

Apply appropriate updates as mentioned in Atlassian security bulletin:  

https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html

Vendor Information

Atlassian

https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html

References

Atlassian

https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html

CVE Name

CVE-2025-48989

CVE-2025-48976

CVE-2025-22167

CVE-2025-58057

CVE-2025-58056

CVE-2025-7962

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkAvrsACgkQ3jCgcSdc

ys+qwRAApdWcwyJnjtTyEw2a6z6I0wpTb1s3KcwNEksw+cKlVx5hMhIM9i2N/pkg

OAbTWYDtewndDEwxgTXq/NrmoS0sgZF+PjkIaigojQ7sJBaMOloNXO5/s8SFWsU7

nBTACElhHgE2wbmSJNxjF1gIU4MGzUwpRCW5dh4er2oi4ydyUgpyrs7hYmkeKTz9

4tzUkhGyrcqvNfZARl5nVydtFK5EHfizk8JYz36R3rrcxCM0KvX8Lyjy4arUCSGC

IiMI3yX0xj7URZDLek87UtSru6h411NoPvD07lFlK653EVNMIf2MaSseaJ8KAR5o

TybLAqDAABKfZQF4jc1lvzDOfxW3av+irKhTkIK67hD2mpD/MeM6dUOXaSrze82j

KLxKfzK1JrGehaXnCcDbCBVo1oD/R8vJonKUX1N75TDU/6qDrqMS5iOqHhsxny2C

JHLG9V0wypQ3Y9Tz3/O90qu4zDmYcih6d8NKOnduIxcBO6w637OLbs/oJET94zwl

4by3U/5LGJjz8FGeL9Lu2AXExoFFJY71B7RAf/brnpG1htannpKc/3/werpxVpJo

uLp3wNw1e9LfUBFa2BShGlbIMAk1zwCjhMiWAi7FsqZahhIdykEAp+9nGEeTB/0R

Ux9ERp5jcRn0iM5Dh4vHz/xJAjcg4bWZ6YOhONVkMzEV9a/XR9o=

=iKYz

—–END PGP SIGNATURE—–