CVE-2025-22275

Insertion of Sensitive Information into Log File

Published: Jan 03, 2025 | Modified: Jun 20, 2025
CVSS 3.x: N/A
Source: NVD

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name | Vendor | Start Version | End Version
Iterm2 | Iterm2 | 3.5.6 (including) | 3.5.11 (excluding)
