CVE-2025-22275

Published Jan 3, 2025

Last updated a month ago

Overview

Description
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.3
Impact score: 4.7
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Severity: CRITICAL

Weaknesses

cve@mitre.org
CWE-532

Social media

Hype score
Not currently trending
  1. iTerm2 vulnerability CVE-2025-22275 (CVSS 9.3) fixed: may lead to information disclosure https://t.co/QHP7pWM1dV The iTerm2 vulnerability CVE-2025-22275 has been fixed. Using the SSH integration feature on an affected version, Python 3.7… https://t.co/Oeu1uwjZnU

    @iototsecnews

    13 Jan 2025

    150 Impressions

    3 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. “NVD - CVE-2025-22275” https://t.co/SgmI2ckPIT

    @stefafafan

    7 Jan 2025

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE Alert: CVE-2025-22275 - https://t.co/AENgY16Vql #OSINT #ThreatIntel #CyberSecurity #cve_2025_22275

    @RedPacketSec

    4 Jan 2025

    75 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 iTerm2 has patched a critical vulnerability (CVE-2025-22275) affecting versions 3.5.6 to 3.5.10. Improper logging during SSH sessions may expose user data. Update to 3.5.11! 💻🛡️ #iTerm2 #macOS #Privacy #CybersecurityNews link: https://t.co/fNPhGjZc4w https://t.co/yvegUeuB4S

    @TweetThreatNews

    4 Jan 2025

    25 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. BaseScore: 9.3, BaseSeverity: CRITICAL, id: CVE-2025-22275, published: 2025-01-03T05:15:08.243, sourceIdentifier: cve@mitre.org, url: https://t.co/AqFTnnrciW, vulnStatus: Received

    @CVETracker

    4 Jan 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

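  6. Critical vulnerability in iTerm2, the popular terminal emulator for macOS. CVE-2025-22275 has a CVSS score of 9.3; the SSH integration feature writes the user's input and output to /tmp/framer.txt on the remote host. This file is readable by other users on the same host. Fixed in the latest version. https://t.co/UWdn6U4Xja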

    @__kokumoto

    3 Jan 2025

    2811 Impressions

    14 Retweets

    44 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  7. #Cyberalert 🚨 Critical Vulnerability in iTerm2: CVE-2025-22275 A critical flaw (CVSS 9.3) in iTerm2, a widely used terminal emulator for macOS, has been patched. This vulnerability, tracked as CVE-2025-22275, affects versions 3.5.6 to 3.5.10 (including beta versions). It… http

    @GHak2learn27752

    3 Jan 2025

    207 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. CVE-2025-22275 Sensitive Information Disclosure in iTerm2 via Temporary File Exposure iTerm2 versions from 3.5.6 to 3.5.10, before version 3.5.11, may let remote attackers access sensitive information. This happe... https://t.co/Ae8vgzZc9Q

    @VulmonFeeds

    3 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-22275 iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file… https://t.co/SnvaCZ6vv1

    @CVEnew

    3 Jan 2025

    595 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. [CVE-2025-22275: CRITICAL] Vulnerability in iTerm2 versions 3.5.6 to 3.5.10 allows attackers to access sensitive data via /tmp/framer.txt during remote logins in specific Python-installed hosts. Update to 3.5.11 ...#cybersecurity,#vulnerability https://t.co/6vRsxMt5El https://t.c

    @CveFindCom

    3 Jan 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes