VYPR
Critical severity9.9NVD Advisory· Published Mar 22, 2018· Updated Jun 17, 2026

CVE-2018-5225

CVE-2018-5225

Description

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atlassian/Bitbucket Serverllm-fuzzy2 versions
    >=4.13.0, <5.4.8 OR >=5.5.0, <5.5.8 OR >=5.6.0, <5.6.5 OR >=5.7.0, <5.7.3 OR >=5.8.0, <5.8.2+ 1 more
    • (no CPE)range: >=4.13.0, <5.4.8 OR >=5.5.0, <5.5.8 OR >=5.6.0, <5.6.5 OR >=5.7.0, <5.7.3 OR >=5.8.0, <5.8.2
    • (no CPE)range: 4.13.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.