CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
redhatCNA
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/errata/RHSA-2025:4450
https://access.redhat.com/errata/RHSA-2025:4451
https://access.redhat.com/errata/RHSA-2025:4455
https://access.redhat.com/errata/RHSA-2025:4456
https://access.redhat.com/errata/RHSA-2025:4457
https://access.redhat.com/errata/RHSA-2025:4505
https://access.redhat.com/errata/RHSA-2025:4532
https://access.redhat.com/errata/RHSA-2025:7430
https://access.redhat.com/errata/RHSA-2025:7569
https://access.redhat.com/security/cve/CVE-2025-3155
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
http://www.openwall.com/lists/oss-security/2025/04/04/1
https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2