CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
redhatCNA
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
gnomeyelp
42.2-8
debiandebian_linux
11.0
redhatcodeready_linux_builder
8.0
redhatcodeready_linux_builder
9.0
redhatcodeready_linux_builder_for_arm64
8.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64
9.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
8.8_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.2_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.4_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.6_aarch64:_aarch64
redhatcodeready_linux_builder_for_eus
8.8
redhatcodeready_linux_builder_for_eus
9.2
redhatcodeready_linux_builder_for_eus
9.4
redhatcodeready_linux_builder_for_ibm_z_systems
8.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems
9.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatcodeready_linux_builder_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_eus
9.4
redhatenterprise_linux_eus
9.6
redhatenterprise_linux_for_arm_64
8.0
redhatenterprise_linux_for_arm_64
8.8_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64
9.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.4_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.6_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
8.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_aus
9.4
redhatenterprise_linux_server_aus
9.6
redhatenterprise_linux_server_tus
8.4
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_server_tus
8.8
redhatenterprise_linux_update_services_for_sap_solutions
8.4
redhatenterprise_linux_update_services_for_sap_solutions
8.6
redhatenterprise_linux_update_services_for_sap_solutions
8.8
redhatenterprise_linux_update_services_for_sap_solutions
9.0
redhatenterprise_linux_update_services_for_sap_solutions
9.2
redhatenterprise_linux_update_services_for_sap_solutions
9.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:4450
https://access.redhat.com/errata/RHSA-2025:4451
https://access.redhat.com/errata/RHSA-2025:4455
https://access.redhat.com/errata/RHSA-2025:4456
https://access.redhat.com/errata/RHSA-2025:4457
https://access.redhat.com/errata/RHSA-2025:4505
https://access.redhat.com/errata/RHSA-2025:4532
https://access.redhat.com/errata/RHSA-2025:7430
https://access.redhat.com/errata/RHSA-2025:7569
https://access.redhat.com/security/cve/CVE-2025-3155
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
http://www.openwall.com/lists/oss-security/2025/04/04/1
https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2