Description
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
References (16)
Core 16
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4455
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4456
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4457
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4505
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4532
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7430
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7569
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-3155
Exploit, Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4450
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4451
Exploit, Third Party Advisory
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2
Scores
CVSS v3
7.4
EPSS
0.1259
EPSS Percentile
95.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (50)
debian/debian_linux
11.0
gnome/yelp
42.2-8
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.28.0-2.el8_10.1
Red Hat/Red Hat Enterprise Linux 8
2:3.28.1-3.el8_10.1
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
2:3.28.1-3.el8_2.1
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
2:3.28.1-3.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service
2:3.28.1-3.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
2:3.28.1-3.el8_4.1
... and 40 more
Published
Apr 03, 2025
Tracked Since
Feb 18, 2026