Arbitrary Script Execution Vulnerability in Yelp Gnome User Help Application
CVE-2025-3155

6.5MEDIUM

Key Information:

Summary

A security flaw has been identified in the Yelp application associated with the Gnome user help functionality that permits the execution of arbitrary scripts. This vulnerability can be exploited by malicious actors to inject unauthorized scripts through help documents, enabling the potential exfiltration of user files to unauthorized external locations.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.