{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T12:59:24.878","vulnerabilities":[{"cve":{"id":"CVE-2025-22165","sourceIdentifier":"security@atlassian.com","published":"2025-07-24T23:15:26.127","lastModified":"2025-07-30T13:05:24.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac.\n\nThis ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. \n\nAtlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives .\n\nYou can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives .\n\nThis vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE)."},{"lang":"es","value":"Esta vulnerabilidad ACE (ejecución arbitraria de código) de gravedad media se introdujo en la versión 4.2.8 de Sourcetree para Mac. Esta vulnerabilidad ACE (ejecución arbitraria de código), con una puntuación CVSS de 5,9, permite a un atacante autenticado localmente ejecutar código arbitrario que tiene un alto impacto en la confidencialidad, la integridad y la disponibilidad, y requiere la interacción del usuario. Atlassian recomienda a los usuarios de Sourcetree para Mac que actualicen a la última versión. Si no puede hacerlo, actualice su instancia a una de las versiones corregidas compatibles especificadas. Consulte las notas de la versión https://www.sourcetreeapp.com/download-archives. Puede descargar la última versión de Sourcetree para Mac desde el centro de descargas https://www.sourcetreeapp.com/download-archives. Esta vulnerabilidad fue descubierta a través del programa Atlassian Bug Bounty por Karol Mazurek (AFINE)."}],"metrics":{"cvssMetricV40":[{"source":"security@atlassian.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*","versionStartIncluding":"4.2.8","versionEndIncluding":"4.2.12","matchCriteriaId":"4A748740-3812-40B1-BAF9-3D0D26C780F9"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/SRCTREE-8217","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}