Home > Vulnerability Database > CVE-2025-3155

Mend.io Vulnerability Database

CVE-2025-3155

Date: April 3, 2025

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Severity Score

7.4

Related Resources (17)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2357091

Url: http://www.openwall.com/lists/oss-security/2025/04/04/1

Url: https://access.redhat.com/errata/RHSA-2025:7430

Url: https://access.redhat.com/errata/RHSA-2025:4505

Url: https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html

Url: https://access.redhat.com/errata/RHSA-2025:4457

Url: https://access.redhat.com/errata/RHSA-2025:4456

Url: https://access.redhat.com/errata/RHSA-2025:4455

Url: https://access.redhat.com/errata/RHSA-2025:4532

Url: https://access.redhat.com/errata/RHSA-2025:7569

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-3155

Url: https://access.redhat.com/errata/RHSA-2025:4451

Url: https://access.redhat.com/errata/RHSA-2025:4450

Url: https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2

Url: https://access.redhat.com/security/cve/CVE-2025-3155

Url: https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-3155

Severity Score

7.4

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-3155

Date: April 3, 2025

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?