CVE-2025-22165
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-07-30
Assigner: Atlassian
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atlassian | sourcetree | From 4.2.8 (inc) to 4.2.12 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Arbitrary Code Execution (ACE) flaw in Sourcetree for Mac, introduced in version 4.2.8. It allows a locally authenticated attacker to execute arbitrary code on the affected system, requiring user interaction. The vulnerability has a medium severity with a CVSS score of 5.9 and impacts confidentiality, integrity, and availability highly.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with local access and user interaction to execute arbitrary code, potentially compromising the confidentiality, integrity, and availability of your system or data. This could lead to unauthorized access, data modification, or system disruption.
What immediate steps should I take to mitigate this vulnerability?
Atlassian recommends that Sourcetree for Mac users upgrade to the latest version or to one of the specified supported fixed versions. If upgrading immediately is not possible, refer to the release notes at https://www.sourcetreeapp.com/download-archives for guidance on fixed versions.