CVE-2025-22165

CWE-269Improper Privilege Management3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.0%
top 94.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian SourcetreeAtlassian Sourcetree FOR MAC
Timeline
PublishedJul 24
Latest updateJul 25

Description

This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:L

Affected Packages2 packages

NVDatlassian/sourcetree4.2.84.2.12
CVEListV5atlassian/sourcetree_for_macAll versions from 4.2.8 to 4.2.11 inclusive

🔴Vulnerability Details

2
GHSA
GHSA-g98p-wqr8-r32r: This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 42025-07-25
CVEList
CVE-2025-22165: This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 42025-07-24
CVE-2025-22165 (MEDIUM CVSS 5.9) | This Medium severity ACE (Arbitrary | cvebase.io