PT-2025-4405 · Iterm2 · Iterm2

Kwpolska · Published 2025-01-03 · Updated 2026-04-20 · CVE-2025-22275

CVSS v3.1: 9.3 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: iTerm2 versions 3.5.6 through 3.5.10

Description: The issue sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.

Recommendations: For iTerm2 versions 3.5.6 through 3.5.10, update to version 3.5.11 to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/framer.txt file to minimize the risk of exploitation. Avoid using certain it2ssh and SSH Integration configurations that may be vulnerable until the issue is resolved.

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers: CVE-2025-22275

Affected Products: Iterm2