Unrated severityNVD Advisory· Published Apr 3, 2025· Updated Nov 11, 2025
Yelp: arbitrary file read
CVE-2025-3155
Description
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords15 versionspkg:rpm/almalinux/yelppkg:rpm/almalinux/yelp-develpkg:rpm/almalinux/yelp-libspkg:rpm/almalinux/yelp-xslpkg:rpm/opensuse/yelp&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/yelp&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/yelp-xsl&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/yelp-xsl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/yelp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/yelp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/yelp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/yelp&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/yelp-xsl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/yelp-xsl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/yelp-xsl&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 2:40.3-2.el9_6.1+ 14 more
- (no CPE)range: < 2:40.3-2.el9_6.1
- (no CPE)range: < 2:40.3-2.el9_6.1
- (no CPE)range: < 2:40.3-2.el9_6.1
- (no CPE)range: < 3.28.0-2.el8_10.1
- (no CPE)range: < 42.2-150600.3.3.1
- (no CPE)range: < 42.2-4.1
- (no CPE)range: < 41.1-150400.3.3.1
- (no CPE)range: < 42.1-2.1
- (no CPE)range: < 42.2-150600.3.3.1
- (no CPE)range: < 42.2-150600.3.3.1
- (no CPE)range: < 3.20.1-7.3.1
- (no CPE)range: < 3.20.1-7.3.1
- (no CPE)range: < 41.1-150400.3.3.1
- (no CPE)range: < 41.1-150400.3.3.1
- (no CPE)range: < 3.20.1-6.3.1
Patches
Vulnerability mechanics
References
11- access.redhat.com/errata/RHSA-2025:4450mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4451mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4455mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4456mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4457mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4505mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:4532mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:7430mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:7569mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2025-3155mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.