7.4

CVE-2025-3155

Exploit

Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeYelp Version42.2-8
DebianDebian Linux Version11.0
RedhatCodeready Linux Builder For Arm64 Version8.0_aarch64
RedhatCodeready Linux Builder For Arm64 Version9.0_aarch64
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Eus Version9.4
RedhatEnterprise Linux Eus Version9.6
RedhatEnterprise Linux For Arm 64 Version8.8_aarch64
RedhatEnterprise Linux For Arm 64 Version9.0_aarch64
RedhatEnterprise Linux For Arm 64 Version9.2_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.4_aarch64
RedhatEnterprise Linux For Arm 64 Eus Version9.6_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.59% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.4 2.8 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://access.redhat.com/security/cve/CVE-2025-3155
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
Third Party Advisory
Exploit
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/04/04/1
Mailing List
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2
Third Party Advisory
Exploit
https://access.redhat.com/errata/RHSA-2025:4450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4451
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4457
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4505
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:4532
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:7430
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:7569
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html
Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html
Mailing List
https://gitlab.gnome.org/GNOME/yelp/-/issues/221