CRITICAL🇵🇱 Wersja polska

CVE-2024-38395

CVSS 9.8v3.1pub. 2024-06-16upd. 2025-06-18

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."

🤖 AI Analysis
How it works

The user setting "Terminal may report window title", which should block the ability of the terminal to report the window title, is not actually enforced by the application. A malicious remote webpage can exploit this vulnerability (classified as CWE-94 – improper control of generation of code) to inject and execute arbitrary code on the victim's machine. The attack requires no authentication or user interaction, and access is gained over the network.

Impact

An attacker can remotely execute arbitrary code on the victim's system, potentially leading to complete system takeover, data exfiltration, or further lateral movement in the network.

Mitigation & patch

iTerm2 should be updated to version 3.5.2 or later, available at https://iterm2.com/downloads.html. The fix was introduced in commit f1e89f78dd72dcac3ba66d3d6f93db3f7f649219.

Who is affected

iTerm2 versions earlier than 3.5.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Iterm2

    APP
    Iterm2
    3.5.0 – 3.5.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-22275CRITICAL9.3PL ✓ten sam produkt

iTerm2: wyciek danych z poleceń terminalowych przez plik /tmp/framer.txt

CVE-2024-38396CRITICAL9.8PL ✓ten sam produkt

iTerm2: wstrzyknięcie kodu przez sekwencję escape w integracji tmux (RCE)

CVE-2023-46321CRITICAL9.8ten sam produkt

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have ...

CVE-2023-46322CRITICAL9.8ten sam produkt

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's in...

CVE-2023-46300CRITICAL9.8ten sam produkt

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequen...