Untriaged
CVE-2025-3155
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Yelp: arbitrary file read
A flaw was found in Yelp, the GNOME user help application: a help document can execute arbitrary scripts. A malicious user can supply a crafted help document, which may exfiltrate the user's files to an external environment.
References
- https://access.redhat.com/security/cve/CVE-2025-3155 x_refsource_REDHAT vdb-entry
- RHBZ#2357091 issue-tracking x_refsource_REDHAT
- http://www.openwall.com/lists/oss-security/2025/04/04/1
- https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2 exploit
- RHSA-2025:4456 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4457 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4450 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4451 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4455 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4505 vendor-advisory x_refsource_REDHAT
- RHSA-2025:4532 vendor-advisory x_refsource_REDHAT
- RHSA-2025:7430 vendor-advisory x_refsource_REDHAT
- RHSA-2025:7569 vendor-advisory x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html
Affected products
yelp
- <42.2-8
- *
yelp-xsl
- *
Matching in nixpkgs
pkgs.yelp-xsl
Yelp's universal stylesheets for Mallard and DocBook
- nixos-unstable -
- nixpkgs-unstable 42.4
pkgs.yelp-tools
Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation
- nixos-unstable -
- nixpkgs-unstable 42.1
Package maintainers
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>