CVE-2025-22275

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22275

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22275.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22275

Published

2025-01-03T05:15:08Z

Modified

2025-06-27T03:27:54Z

Summary

[none]

Details

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

References

https://news.ycombinator.com/item?id=42579472
https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak
https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog

Affected packages

Git / github.com/gnachman/iterm2

Affected ranges

Type: GIT
Repo: https://github.com/gnachman/iterm2
Events: Introduced

6604bc0843e66549475291428c14124c6c3fee9b

Fixed

80c262998f2503618cadfc32dbebc01c4fb985bb