CVE-2025-3155: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to…

high7.4CVSS 3.1

AVNACLPRNUIRSCCHINAN

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Affected

69 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	yelp	< yelp 42.2-1+deb12u1 (bookworm)	yelp 42.2-1+deb12u1 (bookworm)
debian	yelp-xsl	< yelp 42.2-1+deb12u1 (bookworm)	yelp 42.2-1+deb12u1 (bookworm)
gnome	yelp	—	—
gnome	yelp	>= 0 < 3.38.3-1+deb11u1	3.38.3-1+deb11u1
gnome	yelp	>= 0 < 42.2-1+deb12u1	42.2-1+deb12u1
gnome	yelp	>= 0 < 42.2-3	42.2-3
gnome	yelp	>= 0 < 42.2-3	42.2-3
redhat	codeready_linux_builder	—	—
redhat	codeready_linux_builder	—	—
redhat	codeready_linux_builder_for_arm64	—	—
redhat	codeready_linux_builder_for_arm64	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_eus	—	—
redhat	codeready_linux_builder_for_eus	—	—
redhat	codeready_linux_builder_for_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems	—	—
redhat	codeready_linux_builder_for_ibm_z_systems	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—

CVSS provenance

nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

osv7.4HIGH