Critical severity9.9NVD Advisory· Published Mar 22, 2018· Updated Jun 17, 2026
CVE-2018-5225
CVE-2018-5225
Description
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=4.13.0, <5.4.8 OR >=5.5.0, <5.5.8 OR >=5.6.0, <5.6.5 OR >=5.7.0, <5.7.3 OR >=5.8.0, <5.8.2+ 1 more
- (no CPE)range: >=4.13.0, <5.4.8 OR >=5.5.0, <5.5.8 OR >=5.6.0, <5.6.5 OR >=5.7.0, <5.7.3 OR >=5.8.0, <5.8.2
- (no CPE)range: 4.13.0
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/103488nvdThird Party AdvisoryVDB Entry
- confluence.atlassian.com/x/3WNsOnvdVendor Advisory
- jira.atlassian.com/browse/BSERV-10684nvdVendor Advisory
News mentions
0No linked articles in our index yet.