Arbitrary Code Execution Vulnerability in Sourcetree for Mac by Atlassian
CVE-2025-22165

5.9MEDIUM

Key Information:

Vendor: Atlassian
Status: Sourcetree For Mac
Vendor: CVE Published:; 24 July 2025

What is CVE-2025-22165?

A recently discovered vulnerability in Sourcetree for Mac enables locally authenticated attackers to execute arbitrary code. This vulnerability poses severe risks, impacting confidentiality, integrity, and availability of affected systems. Users are advised to upgrade to the latest version or apply supported fixes to protect against potential exploitation. Detailed release notes and update instructions are available through Atlassian's official download center.

Affected Version(s)

Sourcetree for Mac All versions from 4.2.8 to 4.2.11 inclusive

Sourcetree for Mac All versions from 4.2.12

References

https://jira.atlassian.com/browse/SRCTREE-8217

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

Karol Mazurek (AFINE)