CVE-2025-22275
Published: 03 January 2025
Description
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
Security Summary
CVE-2025-22275 is a vulnerability in the iTerm2 terminal emulator, affecting versions 3.5.6 through 3.5.10 prior to 3.5.11. It stems from CWE-532 (Insertion of Sensitive Information into Log File) and allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This occurs in certain configurations involving it2ssh and SSH Integration during remote logins to hosts that share a common Python installation.
The vulnerability has a CVSS v3.1 base score of 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N), indicating it is exploitable by unauthenticated remote attackers with low attack complexity, no user interaction, and a changed scope. Attackers can achieve high confidentiality impact by accessing sensitive terminal command data and low integrity impact, enabling information disclosure without disrupting availability.
Official advisories recommend upgrading to iTerm2 3.5.11 for mitigation, as outlined in the version changelog. Detailed explanation of the SSH Integration information leak is available in the iTerm2 GitLab wiki, with community discussion on Hacker News.
Details
- CWE(s)