CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:4450	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4451	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4455	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4457	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4505	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4532	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:7430	Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:7569	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2025-3155	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2357091	Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/04/04/1	Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html	Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html	Mailing List
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*

History

20 Jun 2025, 15:11

28 May 2025, 20:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html -

14 May 2025, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:7569 -

13 May 2025, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:7430 -

06 May 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4532 -

06 May 2025, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4505 -

05 May 2025, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4456 - () https://access.redhat.com/errata/RHSA-2025:4457 -

05 May 2025, 10:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4455 -

05 May 2025, 08:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:4450 - () https://access.redhat.com/errata/RHSA-2025:4451 -

16 Apr 2025, 03:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.4

08 Apr 2025, 13:15

Type	Values Removed	Values Added
References		() https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 -

04 Apr 2025, 21:15

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en Yelp. La aplicación de ayuda al usuario de Gnome permite que el documento de ayuda ejecute scripts arbitrarios. Esta vulnerabilidad permite a usuarios maliciosos introducir documentos de ayuda, lo que puede filtrar archivos del usuario a un entorno externo.
References		() http://www.openwall.com/lists/oss-security/2025/04/04/1 -

03 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 14:15

Updated : 2025-06-20 15:11

NVD link : CVE-2025-3155

Mitre link : CVE-2025-3155

CVE.ORG link : CVE-2025-3155

JSON object : View

Products Affected

redhat

codeready_linux_builder_for_eus
enterprise_linux_server_aus
enterprise_linux_server_tus
codeready_linux_builder_for_power_little_endian_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_arm_64
codeready_linux_builder_for_power_little_endian
codeready_linux_builder_for_ibm_z_systems_eus
enterprise_linux
enterprise_linux_for_arm_64_eus
enterprise_linux_for_power_little_endian
codeready_linux_builder
enterprise_linux_for_power_little_endian_eus
codeready_linux_builder_for_arm64_eus
codeready_linux_builder_for_ibm_z_systems
enterprise_linux_update_services_for_sap_solutions
codeready_linux_builder_for_arm64
enterprise_linux_eus
enterprise_linux_for_ibm_z_systems_eus

debian

debian_linux

gnome

yelp

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-3155", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2025-04-03T14:15:46.413", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:4450", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4451", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4455", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4456", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4457", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4505", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4532", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:7430", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:7569", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-3155", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/04/1", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-829"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Yelp. La aplicaci\u00f3n de ayuda al usuario de Gnome permite que el documento de ayuda ejecute scripts arbitrarios. Esta vulnerabilidad permite a usuarios maliciosos introducir documentos de ayuda, lo que puede filtrar archivos del usuario a un entorno externo."}], "lastModified": "2025-06-20T15:11:52.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8315E3B-0799-482A-922B-7F67AECA222B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D206176C-6B2B-4BED-A3A2-AE39A41CB3C5"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "547DCB0A-32F0-4BC9-BCA4-EA50064DA5D6"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "800018EE-9FCC-4F14-92DB-EB54356F0DE1"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8714D60B-F850-4502-A0A1-0F9F7FCBBA2C"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC66079B-F509-4D3D-82F6-09E9BFC546AD"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "122568F4-9EBA-474F-8395-D0EFFEE88691"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55CF7208-4D36-4C35-92BC-F6EA2C8DEDE1"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA92752D-53D2-48EC-B44F-CAF41C531162"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35232613-B8B5-4F4D-A6CD-3823C6666534"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1050EBC8-F338-4450-8288-62D72E82147A"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F791F846-7762-40E0-9056-032FD10F2046"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9795CF6-CBEB-4FE4-BAAC-D9D514C6B5B6"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03A1BB59-4BE6-4339-ABB7-C18B7D899FB9"}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "404D6B0B-807A-4916-9BF7-D83EB138E22F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4CF8D2F-DACA-49C2-A9F4-63496B0A9A80"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D85E0DBA-A856-472A-8271-A4F37C35F952"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA15BFFC-B8E8-4EE3-8E14-8C95DF6C99C4"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "778ACA25-ED77-4EFC-A183-DE094C58B268"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0516993E-CBD5-44F1-8684-7172C9ABFD0A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FDD919E-B7FE-4EC5-8D6B-EC9A4723D6E2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E881C927-DF96-4D2E-9887-FF12E456B1FB"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB096D5D-E8F6-4164-8B76-0217B7151D30"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01ED4F33-EBE7-4C04-8312-3DA580EFFB68"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083AAC55-E87B-482A-A1F4-8F2DEB90CB23"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD9BF0E-7ACF-4A83-B754-6E3979ED903F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18B7F648-9A31-4EE5-A215-C860616A4AB7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

Type	Values Removed	Values Added
First Time		Redhat codeready Linux Builder For Ibm Z Systems Debian Redhat enterprise Linux For Power Little Endian Eus Redhat codeready Linux Builder For Arm64 Eus Debian debian Linux Redhat codeready Linux Builder For Power Little Endian Eus Gnome Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux Server Aus Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Eus Redhat enterprise Linux For Power Little Endian Redhat Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux For Arm 64 Gnome yelp Redhat enterprise Linux Server Tus Redhat codeready Linux Builder Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Arm 64 Eus Redhat codeready Linux Builder For Eus Redhat enterprise Linux
CPE		cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:a:gnome:yelp:42.2-8:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
References	~~() https://access.redhat.com/errata/RHSA-2025:4450 -~~	() https://access.redhat.com/errata/RHSA-2025:4450 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4451 -~~	() https://access.redhat.com/errata/RHSA-2025:4451 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4455 -~~	() https://access.redhat.com/errata/RHSA-2025:4455 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4456 -~~	() https://access.redhat.com/errata/RHSA-2025:4456 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4457 -~~	() https://access.redhat.com/errata/RHSA-2025:4457 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4505 -~~	() https://access.redhat.com/errata/RHSA-2025:4505 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:4532 -~~	() https://access.redhat.com/errata/RHSA-2025:4532 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:7430 -~~	() https://access.redhat.com/errata/RHSA-2025:7430 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:7569 -~~	() https://access.redhat.com/errata/RHSA-2025:7569 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2025-3155 -~~	() https://access.redhat.com/security/cve/CVE-2025-3155 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2357091 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2357091 - Exploit, Issue Tracking, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2025/04/04/1 -~~	() http://www.openwall.com/lists/oss-security/2025/04/04/1 - Mailing List
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - Mailing List
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html - Mailing List
References	~~() https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 -~~	() https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 - Exploit, Third Party Advisory
CWE		CWE-601

7.4 /10