Atlassian Jira October 2025 Security Update Advisory
Overview
Atlassian (https://www.atlassian.com/) has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Bamboo Data Center 9.6.0 or later and 9.6.3 or earlier
Bamboo Data Center 9.6.5 or later and 9.6.12 or earlier
Bamboo Data Center 9.6.14 or later and 9.6.16 or earlier
Bamboo Data Center 10.2.0 or later and 10.2.3 or earlier
Bamboo Data Center 10.2.5 or later and 10.2.7 or earlier
Bamboo Data Center 11.0.0 version
Bamboo Data Center 11.0.2 or later and 11.0.4 or earlier
Bamboo Server 9.6.0 or later and 9.6.3 or earlier
Bamboo Server 9.6.5 or later and 9.6.12 or earlier
Bamboo Server 9.6.14 or later and 9.6.16 or earlier
Bamboo Server 10.2.0 or later and 10.2.3 or earlier
Bamboo Server 10.2.5 or later and 10.2.7 or earlier
Bamboo Server 11.0.0 version
Bamboo Server 11.0.2 or later and 11.0.4 or earlier
Jira Service Management Data Center 5.12.0 or later and 5.12.27 or earlier
Jira Service Management Data Center 5.13.0 or later and 5.13.1 or earlier
Jira Service Management Data Center 5.14.0 or later and 5.14.1 or earlier
Jira Service Management Data Center 5.15.0 or later and 5.15.2 or earlier
Jira Service Management Data Center 5.16.0 or later and 5.16.1 or earlier
Jira Service Management Data Center 5.17.0 or later and 5.17.5 or earlier
Jira Service Management Data Center 10.0.0 or later and 10.0.1 or earlier
Jira Service Management Data Center 10.1.1 or later and 10.1.2 or earlier
Jira Service Management Data Center 10.2.0 or later and 10.2.1 or earlier
Jira Service Management Data Center 10.3.0 or later and 10.3.11 or earlier
Jira Service Management Data Center 10.4.0 or later and 10.4.1 or earlier
Jira Service Management Data Center 10.5.0 or later and 10.5.1 or earlier
Jira Service Management Data Center 10.6.0 or later and 10.6.1 or earlier
Jira Service Management Data Center 10.7.0 or later and 10.7.4 or earlier
Jira Service Management Data Center 11.0.0 or later and 11.0.1 or earlier
Jira Service Management Server 5.12.0 or later and 5.12.27 or earlier
Jira Service Management Server 5.13.0 or later and 5.13.1 or earlier
Jira Service Management Server 5.14.0 or later and 5.14.1 or earlier
Jira Service Management Server 5.15.0 or later and 5.15.2 or earlier
Jira Service Management Server 5.16.0 or later and 5.16.1 or earlier
Jira Service Management Server 5.17.0 or later and 5.17.5 or earlier
Jira Service Management Server 10.0.0 or later and 10.0.1 or earlier
Jira Service Management Server 10.1.1 or later and 10.1.2 or earlier
Jira Service Management Server 10.2.0 or later and 10.2.1 or earlier
Jira Service Management Server 10.3.0 or later and 10.3.11 or earlier
Jira Service Management Server 10.4.0 or later and 10.4.1 or earlier
Jira Service Management Server 10.5.0 or later and 10.5.1 or earlier
Jira Service Management Server 10.6.0 or later and 10.6.1 or earlier
Jira Service Management Server 10.7.0 or later and 10.7.4 or earlier
Jira Service Management Server 11.0.0 or later and 11.0.1 or earlier
Jira Software Data Center 9.12.0 or later and 9.12.27 or earlier
Jira Software Data Center 9.13.0 or later and 9.13.1 or earlier
Jira Software Data Center 9.14.0 or later and 9.14.1 or earlier
Jira Software Data Center 9.15.0 or later and 9.15.2 or earlier
Jira Software Data Center 9.16.0 or later and 9.16.1 or earlier
Jira Software Data Center 9.17.0 version
Jira Software Data Center 9.17.2 or later and 9.17.5 or earlier
Jira Software Data Center 10.0.0 or later and 10.0.1 or earlier
Jira Software Data Center 10.1.1 or later and 10.1.2 or earlier
Jira Software Data Center 10.2.0 or later and 10.2.1 or earlier
Jira Software Data Center 10.3.0 or later and 10.3.11 or earlier
Jira Software Data Center 10.4.0 or later and 10.4.1 or earlier
Jira Software Data Center 10.5.0 or later and 10.5.1 or earlier
Jira Software Data Center 10.6.0 or later and 10.6.1 or earlier
Jira Software Data Center 10.7.0 or later and 10.7.4 or earlier
Jira Software Data Center 11.0.0 or later and 11.0.1 or earlier
Jira Software Server 9.12.0 or later and 9.12.27 or earlier
Jira Software Server 9.13.0 or later and 9.13.1 or earlier
Jira Software Server 9.14.0 or later and 9.14.1 or earlier
Jira Software Server 9.15.0 or later and 9.15.2 or earlier
Jira Software Server 9.16.0 or later and 9.16.1 or earlier
Jira Software Server 9.17.0 version
Jira Software Server 9.17.2 or later and 9.17.5 or earlier
Jira Software Server 10.0.0 or later and 10.0.1 or earlier
Jira Software Server 10.1.1 or later and 10.1.2 or earlier
Jira Software Server 10.2.0 or later and 10.2.1 or earlier
Jira Software Server 10.3.0 or later and 10.3.11 or earlier
Jira Software Server 10.4.0 or later and 10.4.1 or earlier
Jira Software Server 10.5.0 or later and 10.5.1 or earlier
Jira Software Server 10.6.0 or later and 10.6.1 or earlier
Jira Software Server 10.7.0 or later and 10.7.4 or earlier
Jira Software Server 11.0.0 or later and 11.0.1 or earlier
Resolved Vulnerabilities
SMTP Injection com.sun.mail:jakarta.mail Dependency Vulnerability in Jira Software Data Center (CVE-2025-7962, CVSS 7.5) [1]
SMTP Injection org.eclipse.angus:angus-mail/org.eclipse.angus:smtp Dependency Vulnerability in Jira Software Data Center (CVE-2025-7962, CVSS 7.5) [2]
HTTP Request Smuggling io.netty:netty-codec-http Dependency Vulnerability in Jira Software Data Center (CVE-2025-58056, CVSS 8.7) [3]
Vulnerability in Jira Software Data Center that could allow a denial of service attack (CVE-2025-58057, CVSS 8.7) [4]
Vulnerability in Jira Software Data Center/Server that allows for a path traversal attack (CVE-2025-22167, CVSS 8.7) [5] [6]
Vulnerability in Jira Software Data Center/Server that could allow a denial of service attack (CVE-2025-48989, CVSS 7.5) [6] [7]
Vulnerability Patches
Refer to the security advisory published on October 21 and update to the appropriate version listed below or to the latest version.
Bamboo Data Center 9.6.17 version
Bamboo Data Center 10.2.8 version
Bamboo Data Center 11.0.5 version
Bamboo Server 9.6.17 version
Bamboo Server 10.2.8 version
Bamboo Server 11.0.5 version
Jira Service Management Data Center 5.12.27 or later and 5.12.28 or earlier
Jira Service Management Data Center 10.3.10 version
Jira Service Management Data Center 10.3.10 or later and 10.3.12 or earlier
Jira Service Management Data Center 11.0.0 or later and 11.0.1 or earlier
Jira Service Management Data Center 11.0.1 version
Jira Service Management Data Center 11.1.0 version
Jira Service Management Server 5.12.28 version
Jira Service Management Server 10.3.10 version
Jira Service Management Server 10.3.12 version
Jira Service Management Server 11.0.1 version
Jira Service Management Server 11.1.0 version
Jira Software Data Center 9.12.27 or later and 9.12.28 or earlier
Jira Software Data Center 10.3.10 or later and 10.3.12 or earlier
Jira Software Data Center 11.0.1 version
Jira Software Data Center 11.1.0 version
Jira Software Server 9.12.28 version
Jira Software Server 10.3.10 version
Jira Software Server 10.3.12 version
Jira Software Server 11.0.1 version
Jira Software Server 11.1.0 version
Referenced Sites
[1] SMTP Injection com.sun.mail:jakarta.mail Dependency in Jira Software Data Center
https://jira.atlassian.com/browse/JSWSERVER-26567
[2] SMTP Injection org.eclipse.angus:angus-mail/org.eclipse.angus:smtp Dependency in Jira Software Data Center
https://jira.atlassian.com/browse/JSWSERVER-26566
[3] HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center
https://jira.atlassian.com/browse/JSWSERVER-26565
[4] DoS (Denial of Service) io.netty:netty-codec-http Dependency in Jira Software Data Center
https://jira.atlassian.com/browse/JSWSERVER-26564
[5] Path Traversal (Arbitrary Write) in Jira Software Data Center and Server
https://jira.atlassian.com/browse/JSWSERVER-26552
[6] DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server
https://jira.atlassian.com/browse/JSWSERVER-26538
[7] Atlassian Security Advisories & Bulletins