A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVSS
No CVSS.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Jun 2025, 15:11
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Redhat codeready Linux Builder For Ibm Z Systems Eus
Debian Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Eus Redhat codeready Linux Builder For Eus Redhat enterprise Linux Server Tus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Update Services For Sap Solutions Redhat codeready Linux Builder Redhat codeready Linux Builder For Ibm Z Systems Redhat enterprise Linux Server Aus Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Gnome yelp Redhat codeready Linux Builder For Arm64 Eus Redhat codeready Linux Builder For Power Little Endian Eus Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux For Arm 64 Eus Gnome Redhat Debian debian Linux Redhat enterprise Linux Eus |
|
| References | () https://access.redhat.com/security/cve/CVE-2025-3155 - Third Party Advisory | |
| References | () https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 - Exploit, Third Party Advisory | |
| References | () https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html - Mailing List | |
| References | () https://access.redhat.com/errata/RHSA-2025:7430 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:4451 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:7569 - Third Party Advisory | |
| References | () https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html - Mailing List | |
| References | () https://access.redhat.com/errata/RHSA-2025:4450 - Third Party Advisory | |
| References | () https://bugzilla.redhat.com/show_bug.cgi?id=2357091 - Exploit, Issue Tracking, Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:4455 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:4457 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:4505 - Third Party Advisory | |
| References | () http://www.openwall.com/lists/oss-security/2025/04/04/1 - Mailing List | |
| References | () https://access.redhat.com/errata/RHSA-2025:4456 - Third Party Advisory | |
| References | () https://access.redhat.com/errata/RHSA-2025:4532 - Third Party Advisory | |
| CWE | CWE-601 | |
| CPE | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:8.8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:gnome:yelp:42.2-8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.8_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_eus:9.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* |
28 May 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
14 May 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
13 May 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
06 May 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
06 May 2025, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 May 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 May 2025, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
05 May 2025, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| References |
|
16 Apr 2025, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
08 Apr 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
04 Apr 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE | ||
| References |
|
03 Apr 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-03 14:15
Updated : 2025-08-12 21:15
NVD link : CVE-2025-3155
Mitre link : CVE-2025-3155
JSON object : View
Products Affected
redhat
- enterprise_linux_for_power_little_endian_eus
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_for_arm_64
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_server_aus
- codeready_linux_builder
- enterprise_linux_for_arm_64_eus
- enterprise_linux_for_ibm_z_systems
- codeready_linux_builder_for_ibm_z_systems
- enterprise_linux_server_tus
- enterprise_linux_for_power_little_endian
- codeready_linux_builder_for_ibm_z_systems_eus
- codeready_linux_builder_for_arm64
- enterprise_linux_eus
- enterprise_linux
- codeready_linux_builder_for_power_little_endian
- codeready_linux_builder_for_arm64_eus
- enterprise_linux_update_services_for_sap_solutions
- codeready_linux_builder_for_eus
debian
- debian_linux
gnome
- yelp
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')