CVE-2025-22166 — Vulnetix

CVE-2025-22166 PUBLISHED CVSS 8.300000190734863 HIGH

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25 * Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7 * Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2 See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Atlassian (Internal) program.

EPSS 0.08% · 22.8th percentile

Risk Scores

CVSS v3.0

8.300000190734863

EPSS Score

0.08%

22.8th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Confluence Data Center

Timeline

Oct 21, 2025 Coalition ESS Score
Oct 21, 2025 CVE Published
Oct 21, 2025 PoC Published
Oct 22, 2025 EPSS Score
Oct 22, 2025 Coalition ESS Score
Oct 27, 2025 EPSS Score
Nov 1, 2025 Coalition ESS Score
Nov 2, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 18, 2025 EPSS Score
Nov 23, 2025 EPSS Score

References

https://jira.atlassian.com/browse/CONFSERVER-100907 issue

Open in Interactive Console →