CVE-2025-22275

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-22275

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22275.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22275

Published

2025-01-03T05:15:08.243Z

Modified

2026-03-15T22:50:36.662461Z

Severity

9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

References

Affected packages

Git / github.com/gnachman/iterm2

Affected ranges

Type

GIT

Repo

https://github.com/gnachman/iterm2

Events

Introduced

6604bc0843e66549475291428c14124c6c3fee9b

Fixed

80c262998f2503618cadfc32dbebc01c4fb985bb

Database specific

{
    "versions": [
        {
            "introduced": "3.5.6"
        },
        {
            "fixed": "3.5.11"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22275.json"