CVE-2025-3155

HIGH

7.4

Description

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVE Details

CVSS v3.1 Score7.4

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published4/3/2025

Last Modified8/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

debian:debian_linuxgnome:yelpredhat:codeready_linux_builderredhat:codeready_linux_builder_for_arm64redhat:codeready_linux_builder_for_arm64_eusredhat:codeready_linux_builder_for_eusredhat:codeready_linux_builder_for_ibm_z_systemsredhat:codeready_linux_builder_for_ibm_z_systems_eusredhat:codeready_linux_builder_for_power_little_endianredhat:codeready_linux_builder_for_power_little_endian_eusredhat:enterprise_linuxredhat:enterprise_linux_eusredhat:enterprise_linux_for_arm_64redhat:enterprise_linux_for_arm_64_eusredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_ibm_z_systems_eusredhat:enterprise_linux_for_power_little_endianredhat:enterprise_linux_for_power_little_endian_eusredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_update_services_for_sap_solutions