CVE-2025-3155

CWE-601 — Open Redirect CWE-8297 documents7 sources

Severity

7.4HIGH

EPSS

0.7%

top 28.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Gnome Yelp Redhat Codeready Linux Builder +18 more

Timeline

PublishedApr 3

Latest updateApr 23

Description

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages5 packages

▶NVDgnome/yelp42.2-8

▶Debianyelp< 3.38.3-1+deb11u1+3

▶Debianyelp-xsl< 3.38.3-1+deb11u1+3

▶NVDredhat/codeready_linux_builder6 versions+5

▶NVDredhat/enterprise_linux_update_services6 versions+5

Also affects: Debian Linux 11.0, Enterprise Linux 8.0, 9.0, 9.2, 9.4, 9.6, 8.8, 8.2, 8.4, 8.6

🔴Vulnerability Details

CVEList

Yelp: arbitrary file read↗2025-04-03

▶

GHSA

GHSA-h7mx-548v-cr9r: A flaw was found in Yelp↗2025-04-03

▶

OSV

CVE-2025-3155: A flaw was found in Yelp↗2025-04-03

▶

📋Vendor Advisories

Ubuntu

Yelp vulnerability↗2025-04-23

▶

Red Hat

yelp: Arbitrary file read↗2025-04-03

▶

Debian

CVE-2025-3155: yelp - A flaw was found in Yelp. The Gnome user help application allows the help docume...↗2025

▶