CVE-2025-3155

{"id": "CVE-2025-3155", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2025-04-03T14:15:46.413", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:4450", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4451", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4455", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4456", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4457", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4505", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4532", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:7430", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:7569", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-3155", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357091", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/04/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Yelp. La aplicaci\u00f3n de ayuda al usuario de Gnome permite que el documento de ayuda ejecute scripts arbitrarios. Esta vulnerabilidad permite a usuarios maliciosos introducir documentos de ayuda, lo que puede filtrar archivos del usuario a un entorno externo."}], "lastModified": "2025-05-28T20:15:20.913", "sourceIdentifier": "secalert@redhat.com"}