Atlassian Product Security Update Advisory (CVE-2025-22166)

Overview

 

We have released security updates to fix vulnerabilities in Atlassian products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-22166

 

Confluence Data Center and Server versions: 9.5.1 and later and 9.5.4 and earlier
Confluence Data Center and Server versions: 9.4.0 and earlier and 9.4.1 and earlier
Confluence Data Center and Server version: 9.3.1 or later and 9.3.2 or earlier
Confluence Data Center and Server version: 9.2.0 or later and 9.2.6 or earlier
Confluence Data Center and Server version: 9.1.0 or later and 9.1.1 or earlier
Confluence Data Center and Server version: 9.0.1 or later and 9.0.3 or earlier
Confluence Data Center and Server version: 8.9.0 or later and 8.9.8 or earlier
Confluence Data Center and Server version: 8.8.0 or later and 8.8.1 or earlier
Confluence Data Center and Server version: 8.7.1 or later and 8.7.2 or earlier
Confluence Data Center and Server version: 8.5.0 or later and 8.5.24 or earlier
Confluence Data Center and Server version: 8.6 or later and 8.6.2 or earlier
Confluence Data Center and Server version: 7.19.0

 

 

Resolved Vulnerabilities

 

Denial of Service Vulnerability in Confluence Data Center (CVE-2025-22166)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-22166

 

Confluence Data Center version: 10.1.0
Confluence Data Center version: 10.0.2 or later and 10.0.3 or earlier
Confluence Data Center version: 9.2.7 or later and 9.2.9 or earlier
Confluence Data Center and Server version: 8.5.25 or later and 8.5.27 or earlier

 

 

References

 

[1] Security Bulletin – October 21 2025
https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html