A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Jun 2025, 15:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat codeready Linux Builder For Ibm Z Systems
Debian Redhat enterprise Linux For Power Little Endian Eus Redhat codeready Linux Builder For Arm64 Eus Debian debian Linux Redhat codeready Linux Builder For Power Little Endian Eus Gnome Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux Server Aus Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Eus Redhat enterprise Linux For Power Little Endian Redhat Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Update Services For Sap Solutions Redhat enterprise Linux For Arm 64 Gnome yelp Redhat enterprise Linux Server Tus Redhat codeready Linux Builder Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Arm 64 Eus Redhat codeready Linux Builder For Eus Redhat enterprise Linux |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:* cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* |
|
References | () https://access.redhat.com/errata/RHSA-2025:4450 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4451 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4455 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4456 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4457 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4505 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:4532 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:7430 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2025:7569 - Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2025-3155 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2357091 - Exploit, Issue Tracking, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2025/04/04/1 - Mailing List | |
References | () https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - Mailing List | |
References | () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html - Mailing List | |
References | () https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 - Exploit, Third Party Advisory | |
CWE | CWE-601 |
28 May 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 May 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2025, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 May 2025, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 May 2025, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Apr 2025, 03:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
08 Apr 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Apr 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
03 Apr 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-03 14:15
Updated : 2025-06-20 15:11
NVD link : CVE-2025-3155
Mitre link : CVE-2025-3155
CVE.ORG link : CVE-2025-3155
JSON object : View
Products Affected
redhat
- codeready_linux_builder_for_eus
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_arm_64
- codeready_linux_builder_for_power_little_endian
- codeready_linux_builder_for_ibm_z_systems_eus
- enterprise_linux
- enterprise_linux_for_arm_64_eus
- enterprise_linux_for_power_little_endian
- codeready_linux_builder
- enterprise_linux_for_power_little_endian_eus
- codeready_linux_builder_for_arm64_eus
- codeready_linux_builder_for_ibm_z_systems
- enterprise_linux_update_services_for_sap_solutions
- codeready_linux_builder_for_arm64
- enterprise_linux_eus
- enterprise_linux_for_ibm_z_systems_eus
debian
- debian_linux
gnome
- yelp