CVE-2025-3155
Yelp: arbitrary file read
- Severity Score: 7.4 (CVSS v3.1)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
A flaw was found in Yelp. The GNOME user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
It was discovered that Yelp, the help browser for the GNOME desktop, allowed help files to execute arbitrary scripts. Opening a malformed help file could have resulted in data exfiltration. For the stable distribution (bookworm), this problem has been fixed in version 42.2-1+deb12u1 of yelp and version 42.1-2+deb12u1 of yelp-xsl.
*Credits:
N/A
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2025-04-03 CVE Reserved
- 2025-04-03 CVE Published
- 2025-11-11 CVE Updated
- 2026-05-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
References (11)
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2025:4450 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4451 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4455 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4456 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4457 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4505 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:4532 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:7430 | 2025-11-11 | |
| https://access.redhat.com/errata/RHSA-2025:7569 | 2025-11-11 | |
| https://access.redhat.com/security/cve/CVE-2025-3155 | 2025-05-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2357091 | 2025-05-14 | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Gnome | Yelp | * | - | Affected |
| Oracle | Linux | * | - | Affected |
| Red Hat | Enterprise Linux | * | - | Affected |
| Redhat | Codeready Linux Builder | * | - | Affected |
| Redhat | Codeready Linux Builder For Arm64 | * | - | Affected |
| Redhat | Codeready Linux Builder For Arm64 Eus | * | - | Affected |
| Redhat | Codeready Linux Builder For Eus | * | - | Affected |
| Redhat | Codeready Linux Builder For Ibm Z Systems | * | - | Affected |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | * | - | Affected |
| Redhat | Codeready Linux Builder For Power Little Endian | * | - | Affected |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | * | - | Affected |
| Redhat | Enterprise Linux | * | - | Affected |
| Redhat | Rhel Aus | * | - | Affected |
| Redhat | Rhel E4s | * | - | Affected |
| Redhat | Rhel Eus | * | - | Affected |
| Redhat | Rhel Tus | * | - | Affected |
| Alibabacloud | Alibaba Cloud Linux 3 | * | - | Affected |
| Alma | Linux | * | - | Affected |
| Amazon | Linux | * | - | Affected |
| Canonical | Ubuntu Linux | * | - | Affected |
| Debian | Debian Linux | * | - | Affected |
| Fedoraproject | Fedora | * | - | Affected |
| Freebsd | Freebsd | * | - | Affected |
| Oracle | Linux | * | - | Affected |
| Redhat | Enterprise Linux | * | - | Affected |
| Redhat | Enterprise Linux Eus | * | - | Affected |
| Redhat | Enterprise Linux For Arm 64 | * | - | Affected |
| Redhat | Enterprise Linux For Arm 64 Eus | * | - | Affected |
| Redhat | Enterprise Linux For Ibm Z Systems | * | - | Affected |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | * | - | Affected |
| Redhat | Enterprise Linux For Power Little Endian | * | - | Affected |
| Redhat | Enterprise Linux For Power Little Endian Eus | * | - | Affected |
| Redhat | Enterprise Linux Server Aus | * | - | Affected |
| Redhat | Enterprise Linux Server Tus | * | - | Affected |
| Redhat | Enterprise Linux Update Services For Sap Solutions | * | - | Affected |
| Redhat | Rhel Aus | * | - | Affected |
| Redhat | Rhel E4s | * | - | Affected |
| Redhat | Rhel Eus | * | - | Affected |
| Redhat | Rhel Tus | * | - | Affected |
