Atlassian Confluence Server: Passwords at Risk from Insufficient Firmware Verification

CVE-2025-41711
Summary

Confluence Server users with limited access accounts may be at risk of having their passwords exposed. This vulnerability allows an attacker to extract password hashes and potentially brute force them. To protect your users, ensure you're keeping your Confluence Server software up to date.

Original title
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
Original description
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.
NVD CVSS 3.1 score: 5.3
Vulnerability type
CWE-327 Use of a Broken Cryptographic Algorithm
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026