CVE-2025-3155

NameCVE-2025-3155
DescriptionA flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1102080

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yelp (PTS)bullseye3.38.3-1vulnerable
bookworm42.2-1vulnerable
sid, trixie42.2-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yelpsource(unstable)(unfixed)1102080

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2357091
https://www.openwall.com/lists/oss-security/2025/04/04/1
https://gitlab.gnome.org/GNOME/yelp/-/issues/221

Search for package or bug name: Reporting problems