Cyber Resilience

CVE-2023-22527

Severity: Critical
Tags: CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 16 January 2024
Modified: 24 October 2025
KEV Added: 24 January 2024
Patch: available (fixed in current supported releases; see Deeper analysis)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9435 (100.0th percentile)
Risk Priority: 96 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-22527 is a critical-severity injection vulnerability (CWE-74) in Atlassian Confluence Data Center and Server. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, its EPSS score places it in the 100.0th percentile of CVEs by exploit likelihood, i.e. at the very top of the distribution; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A template injection vulnerability, tracked as CVE-2023-22527 and assigned CWE-74, affects older versions of Atlassian Confluence Data Center and Server. The flaw permits remote code execution and received a CVSS 3.1 base score of 9.8, reflecting a network attack vector that requires neither privileges nor user interaction.

An unauthenticated attacker can supply malicious template input over the network to achieve full remote code execution on an unpatched instance, resulting in complete compromise of confidentiality, integrity, and availability.

Atlassian states that the vulnerability was addressed through regular version updates, leaving current supported releases unaffected. The vendor’s January security bulletin directs customers to install the latest Confluence Data Center or Server release to protect against this issue and other non-critical vulnerabilities.

Public exploit code has been posted to PacketStorm, and the EPSS score stands at 0.9435 with a recorded peak of 0.9746, indicating sustained exploitation interest after disclosure.


Vulnerability details (vendor description)

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

CWE(s): CWE-74 (Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Atlassian Confluence Data Center: 8.0.0 to 8.5.4 (range as listed), and 8.7.0
Atlassian Confluence Server: 8.0.0 to 8.5.4 (range as listed)
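As an added example (not from this page and not Atlassian's code), here is a small triage script that checks a Confluence version string against the ranges listed above. Two assumptions are not stated on the page: the upper bound 8.5.4 is treated as exclusive, i.e. as the first fixed release, and the running version is read from the ajs-version-number meta tag that Confluence pages carry. The sample HTML is constructed; the function names (parse_version, is_affected, version_from_html, triage) are this example's own.

```python
import re
from typing import Optional, Tuple

# Affected versions as listed on this page, keyed by the page's product names.
# Assumption (not on the page): ranges are [lower, upper) with 8.5.4 excluded
# as the first fixed release; 8.7.0 is an exact match for Data Center only.
AFFECTED = {
    "confluence data center": {"ranges": [("8.0.0", "8.5.4")], "exact": ["8.7.0"]},
    "confluence server": {"ranges": [("8.0.0", "8.5.4")], "exact": []},
}

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else
    rather than silently treating a malformed string as 'not affected'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside a listed range or matches a listed exact version."""
    spec = AFFECTED.get(product.lower())
    if spec is None:
        raise KeyError(f"unknown product: {product!r}")
    v = parse_version(version)
    if any(v == parse_version(x) for x in spec["exact"]):
        return True
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in spec["ranges"])


# Assumption: the instance's HTML carries <meta name="ajs-version-number" content="x.y.z">
# with the attributes in this order; adjust the pattern if your pages differ.
META = re.compile(r'<meta\s+name="ajs-version-number"\s+content="([^"]+)"', re.I)


def version_from_html(html: str) -> Optional[str]:
    m = META.search(html)
    return m.group(1) if m else None


# Constructed sample of what a fetched login page might contain.
SAMPLE_HTML = '<html><head><meta name="ajs-version-number" content="8.5.3"></head></html>'


def triage(product: str, html: str) -> str:
    v = version_from_html(html)
    if v is None:
        return "unknown: version not found in page"
    verdict = "AFFECTED, patch now" if is_affected(product, v) else "not in listed affected ranges"
    return f"{product} {v}: {verdict}"


if __name__ == "__main__":
    print(triage("confluence data center", SAMPLE_HTML))
```

An instance reporting 8.5.3 lands inside the listed range and is flagged; 8.5.4 is not, under the exclusive-bound assumption above, so confirm that reading against the vendor bulletin before relying on it.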

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly requires timely application of the vendor patches that eliminated the template-injection flaw in current Confluence releases.

SI-10 Information Input Validation (prevent): mandates validation and sanitisation of all untrusted input before it reaches the templating engine, blocking the injection vector used for unauthenticated RCE.

Access enforcement (prevent): enforces access-control decisions so that unauthenticated network requests cannot reach the code-execution paths the vulnerability exposed.
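To make the SI-10 point and the attack description above concrete, here is an added example. It is not Confluence's code and not this CVE's exploit path: a toy engine stands in for the real templating engine, and Python's eval stands in for its expression evaluator. It contrasts the two ways untrusted input can meet a template engine, spliced into the template source (the CWE-74 template-injection pattern) versus passed as a context value behind a constant template, with an allow-list check in front. The names (render, vulnerable_greeting, safe_greeting, validate_name, PAYLOAD) and the attacker input are constructed for illustration.

```python
import os
import re

# Toy template engine standing in for a real one: every ${expr} in the template
# source is evaluated as a Python expression against the render context and the
# result is spliced into the output. It is deliberately permissive, as real
# engines' expression languages tend to be. (Constructed for this example.)
EXPR = re.compile(r"\$\{([^}]*)\}")


def render(template_source: str, context: dict) -> str:
    def expand(match: re.Match) -> str:
        # Fresh globals per call; Python adds builtins to an empty globals dict,
        # so the expression language reaches __import__ much as a real engine's
        # object graph can reach dangerous classes.
        return str(eval(match.group(1), {}, dict(context)))
    return EXPR.sub(expand, template_source)


def vulnerable_greeting(untrusted_name: str) -> str:
    # CWE-74 template injection: attacker data is concatenated into the template
    # SOURCE, so any ${...} it contains is parsed and evaluated by the engine.
    template_source = "Hello, " + untrusted_name + "!"
    return render(template_source, {})


NAME_ALLOWLIST = re.compile(r"[A-Za-z0-9 .'-]{1,64}")


def validate_name(untrusted_name: str) -> str:
    # SI-10 input validation: allow-list the value before it goes anywhere near
    # the engine; template syntax ($, {, }, #) is simply not permitted.
    if not NAME_ALLOWLIST.fullmatch(untrusted_name):
        raise ValueError("rejected: name contains characters outside the allow-list")
    return untrusted_name


def safe_greeting(untrusted_name: str) -> str:
    # Fix: the template source is a constant; user data enters only through the
    # context, where the engine treats it as a value rather than as syntax.
    name = validate_name(untrusted_name)
    return render("Hello, ${name}!", {"name": name})


# Constructed attacker input: an expression that runs code when evaluated.
PAYLOAD = "${__import__('os').getcwd()}"


def demo() -> dict:
    """Run both paths on the same payload and report what happened."""
    vuln_out = vulnerable_greeting(PAYLOAD)
    # Data-only path with no allow-list, to show the root cause is source vs. data.
    data_out = render("Hello, ${name}!", {"name": PAYLOAD})
    try:
        safe_greeting(PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_executed": vuln_out == "Hello, " + os.getcwd() + "!",
        "data_path_output": data_out,  # payload echoed back verbatim, not evaluated
        "allowlist_rejected": rejected,
        "safe_output": safe_greeting("Alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The data-only path is safe even without the allow-list because the engine scans the template source once and never re-parses substituted values; the allow-list is defence in depth for the cases where a value does end up in source, which is exactly the mistake the vulnerable path makes.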
