-
Public Security Vulnerability
-
Resolution: Fixed
-
High
-
6.0.0, 6.1.0, 6.2.0, 6.3.0, 6.3.1
-
None
-
8.7
-
High
-
CVE-2025-48976
-
Atlassian (Internal)
-
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
-
DoS (Denial of Service)
-
Crowd Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in version 6.3.1 of Crowd Data Center.
This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.7, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
Atlassian recommends that Crowd Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
- Crowd Data Center 6.3: Upgrade to a release greater than or equal to 6.3.2
- Crowd Data Center 6.2: Upgrade to a release greater than or equal to 6.2.5
See the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center from the download center (https://www.atlassian.com/software/crowd/download-archive).
This vulnerability was reported via our Atlassian (Internal) program.