Escape Sequence Vulnerability in Mintty Terminal Emulator by Git for Windows
CVE-2024-45301
5.3 MEDIUM
What is CVE-2024-45301?
The Mintty terminal emulator, utilized within Cygwin and MSYS environments, has a vulnerability stemming from improper handling of escape sequences. Versions ranging from 2.3.6 to 3.7.4 are susceptible to this issue, where certain escape sequences can lead to the execution of commands that access arbitrary files. This flaw may allow an attacker to send specially crafted sequences to a terminal instance, which could be leveraged to access network paths and obtain NTLM hashes from the victim's system, potentially facilitating further attacks using password cracking tools. The vulnerability was addressed in version 3.7.5.
Affected Version(s)
mintty >= 2.3.6, < 3.7.5
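
One way to check a version string against the affected range listed above, as an added example (not code from mintty or from this advisory). The function names and the sample banner format are assumptions made for illustration. Components are compared numerically, so a version such as 3.10.0 is not misordered the way a plain string comparison would misorder it.

```shell
#!/bin/sh
# Added example: classify a mintty version against the range in this
# advisory (affected: >= 2.3.6 and < 3.7.5; fixed in 3.7.5).

# ver_cmp A B -> prints -1, 0 or 1 for dotted numeric versions A and B.
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # A missing component counts as 0, so "3.7" equals "3.7.0".
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        # Drop the component just compared from each side.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# mintty_status INPUT -> prints "affected", "not-affected" or "unknown".
# INPUT is a bare version ("3.7.4") or a banner line such as
# "mintty 3.7.4 (x86_64-pc-msys)" (constructed sample, format assumed).
mintty_status() {
    # Take the first dotted run of digits found in the input.
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' |
        head -n 1)
    if [ -z "$v" ]; then echo unknown; return; fi
    if [ "$(ver_cmp "$v" 2.3.6)" -ge 0 ] &&
       [ "$(ver_cmp "$v" 3.7.5)" -lt 0 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample inputs covering both range boundaries.
for sample in 2.3.5 2.3.6 "mintty 3.7.4 (x86_64-pc-msys)" 3.7.5 3.10.0; do
    printf '%-32s %s\n' "$sample" "$(mintty_status "$sample")"
done
```

Pass the version your installation reports as the argument to `mintty_status`; an `unknown` result means no version number could be read from the input.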
