Escape Sequence Vulnerability in Mintty Terminal Emulator by Git for Windows
CVE-2024-45301

5.3MEDIUM

Key Information:

Vendor: Mintty
Status: Mintty
Vendor: CVE Published:; 12 November 2025

What is CVE-2024-45301?

The Mintty terminal emulator, utilized within Cygwin and MSYS environments, has a vulnerability stemming from improper handling of escape sequences. Versions ranging from 2.3.6 to 3.7.4 are susceptible to this issue, where certain escape sequences can lead to the execution of commands that access arbitrary files. This flaw may allow an attacker to send specially crafted sequences to a terminal instance, which could be leveraged to access network paths and obtain NTLM hashes from the victim's system, potentially facilitating further attacks using password cracking tools. The vulnerability was addressed in version 3.7.5.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

mintty >= 2.3.6, < 3.7.5

References

https://github.com/mintty/mintty/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Aug 26, 2024

JSON

Mintty

What is CVE-2024-45301?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.