Arbitrary Script Execution Vulnerability in Yelp Gnome User Help Application
CVE-2025-3155

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 April 2025

Summary

A security flaw has been identified in the Yelp application associated with the Gnome user help functionality that permits the execution of arbitrary scripts. This vulnerability can be exploited by malicious actors to inject unauthorized scripts through help documents, enabling the potential exfiltration of user files to unauthorized external locations.

References

https://access.redhat.com/security/cve/CVE-2025-3155

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2357091

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Apr 3, 2025