CVE-2025-7783 — Vulnetix

CVE-2025-7783 PUBLISHED CVSS 9.399999618530273 CRITICAL

Note: Aligning with our security bug fix policy, this vulnerability has been fixed in our latest release only This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party Dependency vulnerability, with a CVSS Score of 9.4, allows an attacker to expose assets in your environment susceptible to exploitation. Atlassian recommends that Crowd Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Crowd Data Center 6.0: Upgrade to a release greater than or equal to 6.0.10 * Crowd Data Center 6.1: Upgrade to a release greater than or equal to 6.1.6 * Crowd Data Center 6.2: Upgrade to a release greater than or equal to 6.2.5 * Crowd Data Center 6.3: Upgrade to a release greater than or equal to 6.3.2 See the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center from the download center (https://www.atlassian.com/software/crowd/download-archive). This vulnerability was reported via our Atlassian (Internal) program.

EPSS 0.08% · 22.7th percentile

Risk Scores

CVSS v4.0

9.399999618530273

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

EPSS Score

0.08%

22.7th percentile

Affected Products

Vendor	Product	Versions
Atlassian	Crowd Data Center

Timeline

Jul 18, 2025 CVE Published
Jul 19, 2025 EPSS Score
Jul 28, 2025 EPSS Score
Aug 5, 2025 EPSS Score
Aug 14, 2025 EPSS Score
Aug 22, 2025 EPSS Score
Aug 31, 2025 EPSS Score
Sep 9, 2025 EPSS Score
Sep 17, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 4, 2025 EPSS Score
Oct 13, 2025 EPSS Score

References

https://jira.atlassian.com/browse/CWD-6415 issue

Open in Interactive Console →