CVE-2025-3155

HIGH

Yelp - Arbitrary Script Execution via Help Document

Title source: llm
STIX 2.1

Description

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

References (16)

Core 16
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4455
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4456
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4457
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4505
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4532
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7430
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7569
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-3155
Exploit, Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4450
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4451

Scores

CVSS v3 7.4
EPSS 0.1259
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-601
Status published
Products (50)
debian/debian_linux 11.0
gnome/yelp 42.2-8
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8 0:3.28.0-2.el8_10.1
Red Hat/Red Hat Enterprise Linux 8 2:3.28.1-3.el8_10.1
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 2:3.28.1-3.el8_2.1
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 2:3.28.1-3.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service 2:3.28.1-3.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions 2:3.28.1-3.el8_4.1
... and 40 more
Published Apr 03, 2025
Tracked Since Feb 18, 2026