CVE-2025-31487
CVSS 3.1 Score 7.7 of 10 (high)
Details
Published Apr 3, 2025
Updated: Apr 7, 2025
CWE ID 611
Summary
CVE-2025-31487 is a vulnerability in the XWiki JIRA extension. It allows a logged-in XWiki user to edit their profile page and insert a fake JIRA URL containing a DOCTYPE declaration. By doing so, the user can manipulate JIRA fields such as summary or description so that the server displays the content of a local file on the XWiki host. The issue is fixed in version 8.6.5 of the JIRA Extension.
Affected Products
- Jira Software
Affected Vendors
- Atlassian