CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*

History

20 Jun 2025, 15:11

Type Values Removed Values Added
First Time Redhat codeready Linux Builder For Ibm Z Systems
Debian
Redhat enterprise Linux For Power Little Endian Eus
Redhat codeready Linux Builder For Arm64 Eus
Debian debian Linux
Redhat codeready Linux Builder For Power Little Endian Eus
Gnome
Redhat codeready Linux Builder For Power Little Endian
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat
Redhat codeready Linux Builder For Arm64
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Update Services For Sap Solutions
Redhat enterprise Linux For Arm 64
Gnome yelp
Redhat enterprise Linux Server Tus
Redhat codeready Linux Builder
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat enterprise Linux For Arm 64 Eus
Redhat codeready Linux Builder For Eus
Redhat enterprise Linux
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2025:4450 - () https://access.redhat.com/errata/RHSA-2025:4450 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4451 - () https://access.redhat.com/errata/RHSA-2025:4451 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4455 - () https://access.redhat.com/errata/RHSA-2025:4455 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4456 - () https://access.redhat.com/errata/RHSA-2025:4456 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4457 - () https://access.redhat.com/errata/RHSA-2025:4457 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4505 - () https://access.redhat.com/errata/RHSA-2025:4505 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:4532 - () https://access.redhat.com/errata/RHSA-2025:4532 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:7430 - () https://access.redhat.com/errata/RHSA-2025:7430 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2025:7569 - () https://access.redhat.com/errata/RHSA-2025:7569 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2025-3155 - () https://access.redhat.com/security/cve/CVE-2025-3155 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2357091 - () https://bugzilla.redhat.com/show_bug.cgi?id=2357091 - Exploit, Issue Tracking, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2025/04/04/1 - () http://www.openwall.com/lists/oss-security/2025/04/04/1 - Mailing List
References () https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html - Mailing List
References () https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 - () https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 - Exploit, Third Party Advisory
CWE CWE-601

28 May 2025, 20:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html -
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html -

14 May 2025, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:7569 -

13 May 2025, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:7430 -

06 May 2025, 13:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:4532 -

06 May 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:4505 -

05 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:4456 -
  • () https://access.redhat.com/errata/RHSA-2025:4457 -

05 May 2025, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:4455 -

05 May 2025, 08:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2025:4450 -
  • () https://access.redhat.com/errata/RHSA-2025:4451 -

16 Apr 2025, 03:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 7.4

08 Apr 2025, 13:15

Type Values Removed Values Added
References
  • () https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 -

04 Apr 2025, 21:15

Type Values Removed Values Added
Summary
  • (es) Se detectó una falla en Yelp. La aplicación de ayuda al usuario de Gnome permite que el documento de ayuda ejecute scripts arbitrarios. Esta vulnerabilidad permite a usuarios maliciosos introducir documentos de ayuda, lo que puede filtrar archivos del usuario a un entorno externo.
References
  • () http://www.openwall.com/lists/oss-security/2025/04/04/1 -

03 Apr 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-03 14:15

Updated : 2025-06-20 15:11


NVD link : CVE-2025-3155

Mitre link : CVE-2025-3155

CVE.ORG link : CVE-2025-3155


JSON object : View

Products Affected

redhat

  • codeready_linux_builder_for_eus
  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_arm_64
  • codeready_linux_builder_for_power_little_endian
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_power_little_endian
  • codeready_linux_builder
  • enterprise_linux_for_power_little_endian_eus
  • codeready_linux_builder_for_arm64_eus
  • codeready_linux_builder_for_ibm_z_systems
  • enterprise_linux_update_services_for_sap_solutions
  • codeready_linux_builder_for_arm64
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus

debian

  • debian_linux

gnome

  • yelp
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')