Security patches: Atlassian secures Confluence & Co. against possible attacks
Among others, Atlassian Bamboo and Jira Data Center and Server are susceptible to various attacks.
Atlassian has released important security updates for Bamboo, Bitbucket, Confluence, Crowd, Jira, and Jira Service Management Data Center and Server. Following successful attacks, attackers can primarily trigger DoS conditions and thus crashes.
Probably not critical in this context
A warning message indicates, among other things, that the developers have closed two “critical” vulnerabilities (CVE-2025-12383, CVE-2025-66516). These affect Eclipse Jersey and Apache Tika, which Bamboo and Confluence Data Center and Server use. The developers explain that the vulnerabilities do not directly impact the Atlassian applications, so a lower threat level applies. If an attack succeeds, servers that are actually untrusted can, for example, be classified as trusted.
The remaining security vulnerabilities are rated “high.” Here, attackers can initiate DoS attacks (e.g., CVE-2025-52999), but malicious code can also get onto systems (e.g., CVE-2025-55752). Furthermore, attackers can intercept connections as a man-in-the-middle (CVE-2025-49146).
Atlassian's warning message gives no indication that attackers are already exploiting the vulnerabilities. However, that can change quickly, and admins should install the available security updates promptly. According to the developers, all versions prior to the ones listed below are vulnerable.
- Bamboo Data Center and Server:
  - 12.0.2 Data Center Only
  - 10.2.13 to 10.2.14 (LTS) recommended Data Center Only
  - 9.6.21 to 9.6.22 (LTS) Data Center Only
- Bitbucket Data Center and Server:
  - 10.1.1 to 10.1.4 Data Center Only
  - 9.4.15 to 9.4.16 (LTS) recommended Data Center Only
  - 8.19.26 to 8.19.27 (LTS) Data Center Only
- Confluence Data Center and Server:
  - 10.2.2 (LTS) recommended Data Center Only
  - 9.2.13 (LTS) Data Center Only
- Crowd Data Center and Server:
  - 7.1.3 recommended Data Center Only
  - 6.3.4 Data Center Only
- Jira Data Center and Server:
  - 11.3.0 to 11.3.1 (LTS) recommended Data Center Only
  - 11.2.1 Data Center Only
  - 10.3.16 (LTS) Data Center Only
  - 9.12.26 to 9.12.31 (LTS)
- Jira Service Management Data Center and Server:
  - 11.3.1 (LTS) recommended Data Center Only
  - 11.2.1 Data Center Only
  - 10.3.16 (LTS) Data Center Only
  - 5.12.29 to 5.12.31 (LTS)
(des)