Arbitrary Script Execution Vulnerability in Yelp Gnome User Help Application
CVE-2025-3155
6.5MEDIUM
Summary
A security flaw has been identified in the Yelp application associated with the Gnome user help functionality that permits the execution of arbitrary scripts. This vulnerability can be exploited by malicious actors to inject unauthorized scripts through help documents, enabling the potential exfiltration of user files to unauthorized external locations.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved