CVE-2025-22275 · CRITICAL 9.3 · EPSS p38.2%

Description

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

Scoring

CVSS 3.1: 9.3 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
EPSS: 0.49% probability of exploitation · percentile 38.2% · 2026-06-18T12:00:27Z
Published: 2025-01-03
Last modified: 2025-06-20

Underlying weaknesses · 1

CWE-532

References

  1. https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak
  2. https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
  3. https://news.ycombinator.com/item?id=42579472

Type | Target | Confidence | Tier
Weakness | Insertion of Sensitive Information into Log File (cwe-532) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-32105
  2. CVE-2026-3802
  3. CVE-2025-22467
  4. CVE-2025-43012
  5. CVE-2026-35386
  6. CVE-2026-22907

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.