7.4

CVE-2025-3155

Exploit

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Data is provided by the National Vulnerability Database (NVD)
Gnome Yelp Version 42.2-8
Debian Debian Linux Version 11.0
Redhat Codeready Linux Builder For Arm64 Version 8.0_aarch64
Redhat Codeready Linux Builder For Arm64 Version 9.0_aarch64
Redhat Enterprise Linux Version 8.0
Redhat Enterprise Linux Version 9.0
Redhat Enterprise Linux Eus Version 9.2
Redhat Enterprise Linux Eus Version 9.4
Redhat Enterprise Linux Eus Version 9.6
Redhat Enterprise Linux For Arm 64 Version 8.8_aarch64
Redhat Enterprise Linux For Arm 64 Version 9.0_aarch64
Redhat Enterprise Linux For Arm 64 Version 9.2_aarch64
Redhat Enterprise Linux For Arm 64 Eus Version 9.4_aarch64
Redhat Enterprise Linux For Arm 64 Eus Version 9.6_aarch64
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.13% | 0.333
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
secalert@redhat.com | 7.4 | 2.8 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.