CVE-2025-3155

Published Apr 3, 2025

Last updated 17 days ago

Overview

Description
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.4
Impact score
4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-829

Social media

Hype score
Not currently trending
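  1. Yelp vulnerability CVE-2025-3155: information-stealing PoC that abuses URI schemes https://t.co/1PoB8gOGrZ A vulnerability has been discovered in Yelp, GNOME's default help viewer. With a PoC exploit now available, the likelihood of exploitation also increases. Teams that use it, please take care. #CVE20253155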

    @iototsecnews

    22 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Michael Catanzaro: Dangerous Arbitrary File Read Vulnerability in Yelp (CVE-2025-3155) https://t.co/Q3RSFrc55j

    @Un1v3rs0Z3r0

    16 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3155 : PoC Released for Yelp Flaw Can Expose SSH Keys on Ubuntu Systems https://t.co/rkxT22VxUX https://t.co/qpIEBHVcwR

    @freedomhack101

    9 Apr 2025

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

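  4. A PoC (proof-of-concept attack code) has been published that uses a vulnerability in Yelp, Ubuntu's default help browser, to expose SSH private keys. CVE-2025-3155 allows arbitrary code to be executed via XSLT processing → SVG script injection when a help document is loaded. https://t.co/1vV4GqYOQR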

    @__kokumoto

    8 Apr 2025

    2912 Impressions

    12 Retweets

    42 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  5. PoC released for Yelp flaw (CVE-2025-3155)—exposes SSH keys on Ubuntu systems via improper file handling. Patch immediately: https://t.co/nquldMgAJ9 #CyberSecurity #Linux

    @adriananglin

    8 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. PoC Released for CVE-2025-3155: Yelp Flaw Can Expose SSH Keys on Ubuntu Systems https://t.co/wjGWzf8lD9

    @Dinosn

    8 Apr 2025

    3923 Impressions

    27 Retweets

    57 Likes

    14 Bookmarks

    1 Reply

    0 Quotes

  7. CVE-2025-3155 writeup It's about exfiltrating files using the GNOME Help application. It isn't severe as it requires some user interaction, but it's a fun bug. https://t.co/otshrbhEqn

    @parrot409

    5 Apr 2025

    4730 Impressions

    12 Retweets

    65 Likes

    30 Bookmarks

    2 Replies

    1 Quote

  8. CVE-2025-3155 A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help… https://t.co/NHag5Vfeey

    @CVEnew

    3 Apr 2025

    149 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes