Focus Mode
Cyber Security News

iTerm2 Patches Critical Security Flaw Exposing User Input and Output

Cyware

Summary: A critical security vulnerability (CVE-2025-22275) has been identified in iTerm2, a terminal emulator for macOS, allowing unauthorized access to sensitive user data due to improper logging during SSH sessions. Users are urged to update to version 3.5.11 to mitigate risks associated with this flaw.

Threat Actor: Unknown | unknown
Victim: iTerm2 Users | iTerm2 users

Key Point :

  • A vulnerability in iTerm2 versions 3.5.6 to 3.5.10 could expose sensitive data due to improper logging.
  • Users are advised to update to version 3.5.11 and delete the vulnerable log file from affected remote hosts.
  • The flaw was linked to the SSH integration feature, which logged user input and output to a file accessible by other users.
  • Developer George Nachman has acknowledged the issue and confirmed that the problematic code has been removed.

A critical security vulnerability, tracked as CVE-2025-22275 (CVSS 9.3) has been discovered and patched in iTerm2, a popular terminal emulator for macOS. The flaw, present in versions 3.5.6 through 3.5.10, as well as beta versions of 3.5.6 and later, could allow unauthorized access to sensitive user data.

The CVE-2025-22275 vulnerability stemmed from a bug in the SSH integration feature, which inadvertently logged user input and output to a file (/tmp/framer.txt) on the remote host. This file could be readable by other users on the same host, potentially exposing sensitive information such as passwords, private keys, or confidential data transmitted during SSH sessions.

I deeply regret this mistake and will take steps to ensure it never happens again,” said George Nachman, the developer of iTerm2, in a statement accompanying the release of version 3.5.11. Nachman has confirmed that the code responsible for writing to log files in the SSH integration feature has been removed and will not be reintroduced.

Who is at Risk?

Users who utilized the SSH integration feature in the affected versions and connected to remote hosts with Python 3.7 or later installed are potentially at risk. This includes those who:

  • Used the it2ssh command.
  • Configured their iTerm2 profiles to use SSH integration with the “SSH” command option.

Urgent Action Required

Users of iTerm2 are strongly urged to update immediately to version 3.5.11. Additionally, it is crucial to delete the /tmp/framer.txt file on any potentially affected remote hosts to prevent unauthorized access to logged data.

Related Posts:

Source:
https://securityonline.info/iterm2-patches-critical-security-vulnerability-exposing-user-input-and-output

Tags: CVE, VULNERABILITY, MACOS