CVE-2025-22275

CRITICAL 9.3

CVSS Score

9.3

EPSS Score

0.0%

EPSS Percentile

0th

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

CWE	CWE-532
Vendor	iterm2
Product	iterm2
Published	Jan 3, 2025
Last Updated	Jan 3, 2025

Stay Ahead of the Next One

Get instant alerts for iterm2 iterm2

Be the first to know when new critical vulnerabilities affecting iterm2 iterm2 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

iTerm2 / iTerm2

3.5.6 < 3.5.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

iterm2.com: https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog news.ycombinator.com: https://news.ycombinator.com/item?id=42579472 gitlab.com: https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak