A critical security vulnerability, tracked as CVE-2025-22275 (CVSS 9.3) has been discovered and patched in iTerm2, a popular terminal emulator for macOS. The flaw, present in versions 3.5.6 through 3.5.10, as well as beta versions of 3.5.6 and later, could allow unauthorized access to sensitive user data.
The CVE-2025-22275 vulnerability stemmed from a bug in the SSH integration feature, which inadvertently logged user input and output to a file (/tmp/framer.txt) on the remote host. This file could be readable by other users on the same host, potentially exposing sensitive information such as passwords, private keys, or confidential data transmitted during SSH sessions.
“I deeply regret this mistake and will take steps to ensure it never happens again,” said George Nachman, the developer of iTerm2, in a statement accompanying the release of version 3.5.11. Nachman has confirmed that the code responsible for writing to log files in the SSH integration feature has been removed and will not be reintroduced.
Who is at Risk?
Users who utilized the SSH integration feature in the affected versions and connected to remote hosts with Python 3.7 or later installed are potentially at risk. This includes those who:
- Used the it2ssh command.
- Configured their iTerm2 profiles to use SSH integration with the “SSH” command option.
Urgent Action Required
Users of iTerm2 are strongly urged to update immediately to version 3.5.11. Additionally, it is crucial to delete the /tmp/framer.txt file on any potentially affected remote hosts to prevent unauthorized access to logged data.
