CVE-2025-3155

Summary

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Affected Software

VendorProductVersion RangeStatus
0 < 42.2-8affected
Red HatRed Hat Enterprise Linux 82:3.28.1-3.el8_10.1 < *unaffected
Red HatRed Hat Enterprise Linux 80:3.28.0-2.el8_10.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support2:3.28.1-3.el8_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support2:3.28.1-3.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service2:3.28.1-3.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions2:3.28.1-3.el8_4.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support2:3.28.1-3.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service2:3.28.1-3.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions2:3.28.1-3.el8_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support2:3.28.1-3.el8_8.1 < *unaffected
Red HatRed Hat Enterprise Linux 92:40.3-2.el9_6.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions2:40.3-2.el9_0.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support2:40.3-2.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support2:40.3-2.el9_4.1 < *unaffected

Weaknesses

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Workarounds

Currently, no mitigation is available for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

References