Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

SourceTree is a free desktop client for Git and Mercurial version control systems. Developed by Atlassian, it simplifies how you interact with your Git and Mercurial repositories so you can focus on coding. It is designed to visualize and manage your repositories through its simple graphical interface.

SourceTree

This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac.

This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. 

Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives .

You can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives .

This vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE).

CVE-2025-22165:
Homebrew vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Community reactions

Additional resources

5.9

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-22165: Homebrew vulnerability analysis and mitigation