CVE-2025-3155
📋 TL;DR
CVE-2025-3155 is a vulnerability in Yelp, the GNOME help viewer. Affected versions let a crafted help document run arbitrary script when Yelp renders it, and that script can read files the user has access to and send them to an external system. Anyone running a GNOME desktop with Yelp installed is affected; the attacker has to get the victim to open the malicious help document.
💻 Affected Systems
- Yelp (GNOME help viewer)
📦 What is this software?
Yelp is GNOME's help viewer. It renders help documents (Mallard and DocBook, reached through help: URIs) into HTML and displays them in an embedded WebKitGTK web view, which is why a crafted document can carry script.
Products tracked as affected by this CVE:
- Yelp by GNOME (upstream)
- Red Hat Enterprise Linux for IBM Z Systems, including EUS
- Red Hat Enterprise Linux for Power Little Endian, including EUS
- Red Hat Enterprise Linux Update Services for SAP Solutions
- Red Hat CodeReady Linux Builder for ARM64, including EUS
- Red Hat CodeReady Linux Builder for IBM Z Systems, including EUS
- Red Hat CodeReady Linux Builder for Power Little Endian, including EUS
⚠️ Risk & Real-World Impact
Worst Case
Theft of secrets from the user's home directory (SSH keys, tokens) by script running in the Yelp session, followed by reuse of those secrets for persistence and lateral movement to other systems. Yelp runs as the logged-in user, so direct root compromise would need a separate local privilege escalation.
Likely Case
Exfiltration of files readable by the user who opened the document, with whatever access that user's account has; the script runs in the user's context and does not escalate privileges on its own.
If Mitigated
No impact if Yelp is not installed, or if users never open help documents from untrusted sources.
🎯 Exploit Status
Requires the victim to open a crafted help document. The references below include a public technical write-up (the parrot409 gist), so treat the issue as publicly documented even though this page lists no separate exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: see the Red Hat advisory for your product (RHSA-2025:4450 and the others under References); Debian fixed versions are in the debian-lts-announce messages listed there
Vendor Advisory: https://access.redhat.com/errata/RHSA-2025:4450
Restart Required: No reboot, but close and relaunch any running Yelp instance so it picks up the updated binary
Instructions:
1. Update the Yelp package with the system package manager.
2. Red Hat and Fedora: 'dnf update yelp' (or 'yum update yelp' on older releases).
3. Debian and Ubuntu: 'apt update' followed by 'apt install --only-upgrade yelp'.
4. Other distributions: use the equivalent package manager command, then confirm the installed version as described under How to Verify.
🔧 Temporary Workarounds
Disable Yelp or restrict help document sources (linux)
If the GNOME help viewer is not needed, remove the package (GNOME's Help application will no longer be available); otherwise only allow help documents from trusted sources:
sudo apt remove yelp
sudo dnf remove yelp (or sudo yum remove yelp on older Red Hat releases)
User education and policy (all)
Train users not to open help documents from untrusted sources, for example help files received by e-mail or downloaded from the web.
🧯 If You Can't Patch
- Restrict Yelp execution through application control policies
- Monitor for suspicious file access patterns from Yelp process
🔍 How to Verify
Check if Vulnerable:
Compare the installed Yelp package version with the fixed version in the advisory for your product (Red Hat: the RHSA for your product under References; Debian: the debian-lts-announce messages).
Check Version:
rpm -q yelp
dpkg -l yelp
Verify Fix Applied:
Confirm the installed package version is at or above the fixed version from the vendor, then restart any running Yelp instance.
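Version strings differ per distribution and per RHSA, so a check that reads the installed package's changelog for the CVE ID is easier to keep correct than a hard-coded version table. The script below is an added example (my code, not from this page or the Yelp project): it pulls the changelog with `rpm -q --changelog` or from Debian's `/usr/share/doc/yelp/changelog.Debian.gz`, parses both changelog formats, and reports the version of the first entry that mentions CVE-2025-3155. The two sample changelogs and the version numbers in them are constructed for the offline demo and are not the real fixed versions.

```python
"""Check whether the installed yelp package's changelog records a fix for a CVE.

Added example, not from the original page or the Yelp project.  The rpm/dpkg
locations are standard; the SAMPLE_* changelogs below are constructed.
"""
import gzip
import re
import shutil
import subprocess
from pathlib import Path
from typing import Optional

# RPM %changelog header: "* Tue Apr 29 2025 Name <mail> - 42.2-3"  (version is the last token)
_RPM_HEADER = re.compile(r"^\*\s+\w{3}\s+\w{3}\s+\d{1,2}\s+\d{4}\s+.*?-\s+(\S+)\s*$")
# Debian changelog header: "yelp (42.2-1+deb12u1) bookworm-security; urgency=high"
_DEB_HEADER = re.compile(r"^(\S+)\s+\(([^)]+)\)\s+\S+;\s*urgency=")


def find_fixing_version(changelog: str, cve: str = "CVE-2025-3155") -> Optional[str]:
    """Return the package version of the first changelog entry mentioning *cve*, else None.

    The lookahead stops CVE-2025-3155 from matching a longer ID such as CVE-2025-31550.
    """
    cve_re = re.compile(re.escape(cve) + r"(?!\d)", re.IGNORECASE)
    current = None
    for line in changelog.splitlines():
        m = _RPM_HEADER.match(line) or _DEB_HEADER.match(line)
        if m:
            current = m.group(m.lastindex)  # version is the last capture group in both formats
            continue
        if current and cve_re.search(line):
            return current
    return None


def installed_changelog(package: str = "yelp") -> Optional[str]:
    """Fetch the installed package's changelog: rpm on RPM systems, the doc file on Debian."""
    if shutil.which("rpm"):
        r = subprocess.run(["rpm", "-q", "--changelog", package], capture_output=True, text=True)
        if r.returncode == 0:
            return r.stdout
    for p in (Path(f"/usr/share/doc/{package}/changelog.Debian.gz"),
              Path(f"/usr/share/doc/{package}/changelog.gz")):
        if p.exists():
            with gzip.open(p, "rt", errors="replace") as f:
                return f.read()
    return None


# Constructed sample changelogs (versions are illustrative, not the real fixed versions).
SAMPLE_RPM_CHANGELOG = """\
* Tue Apr 29 2025 Packager <packager@example.com> - 42.2-3
- Resolves: CVE-2025-3155 - arbitrary script execution from a crafted help document

* Wed Jan 15 2025 Packager <packager@example.com> - 42.2-2
- Rebuild
"""

SAMPLE_DEB_CHANGELOG = """\
yelp (42.2-1+deb12u1) bookworm-security; urgency=high

  * Fix CVE-2025-3155: script execution from a crafted help document

 -- Maintainer <maintainer@example.com>  Thu, 15 May 2025 10:00:00 +0000

yelp (42.2-1) unstable; urgency=medium

  * New upstream release

 -- Maintainer <maintainer@example.com>  Tue, 10 Jan 2023 09:00:00 +0000
"""

if __name__ == "__main__":
    log = installed_changelog()
    if log is None:
        print("yelp is not installed or no changelog was found")
    else:
        fixed_in = find_fixing_version(log)
        print("fix recorded in version", fixed_in if fixed_in else "NONE (still vulnerable or backport not tagged)")
```

Run it on the host you are auditing; a hit only proves the packager tagged the fix in the changelog, so a `None` result still needs the manual version comparison against the advisory.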
📡 Detection & Monitoring
Log Indicators:
- The yelp process reading files outside the system help directories, in particular secrets under the user's home directory (for example ~/.ssh)
- Network connections from the yelp process to external systems (a viewer of local documentation has no reason to talk to the network)
Network Indicators:
- Outbound connections from Yelp process to unexpected destinations
SIEM Query (pseudo-syntax, adapt to your schema; the original wildcard form matched every yelp event and was too noisy to act on):
process_name='yelp' AND ((event_type='file_read' AND file_path NOT LIKE '/usr/share/%') OR (event_type='network_connect' AND dest_ip NOT IN ('127.0.0.1', '::1')))
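As an added example of the indicators above turned into detection logic (my code, not the page's or the Yelp project's), this Python script applies three rules to process events from the yelp process and correlates them per PID so that a sensitive read plus an outbound connection from the same process surfaces as one exfiltration finding. The event schema (ts, pid, comm, type=open|connect, path, dst, dport) and the sample lines are constructed; the help directory prefixes and the sensitive-path list are assumptions to tune for your environment.

```python
"""Flag yelp process activity that matches the CVE-2025-3155 indicators.

Added example, not part of the original page or of the Yelp project.  The event
format and SAMPLE_EVENTS are constructed; map the fields onto what your EDR or
auditd forwarder actually emits.
"""
import ipaddress
import json
from collections import defaultdict
from pathlib import PurePosixPath

# Where package-installed help documents live; reads here are expected (assumption).
HELP_PREFIXES = ("/usr/share/help/", "/usr/share/gnome/help/", "/usr/share/doc/")
# Home-directory subtrees a help viewer has no reason to read (assumption, extend as needed).
SENSITIVE_DIRS = {".ssh", ".gnupg", ".aws", ".kube", ".mozilla"}
SENSITIVE_FILES = {"/etc/shadow", "/etc/sudoers"}


def _event_findings(ev):
    """Per-event rules for the yelp process; returns a list of (rule, detail) pairs."""
    if ev.get("comm") != "yelp":
        return []
    out = []
    if ev.get("type") == "open":
        path = ev.get("path", "")
        if set(PurePosixPath(path).parts) & SENSITIVE_DIRS or path in SENSITIVE_FILES:
            out.append(("sensitive_read", path))
        elif path.endswith(".page") and not path.startswith(HELP_PREFIXES):
            # A Mallard page rendered from outside the system doc tree (e.g. ~/Downloads)
            # is what a delivered malicious help document looks like on disk.
            out.append(("untrusted_help_doc", path))
    elif ev.get("type") == "connect":
        try:
            ip = ipaddress.ip_address(ev.get("dst", ""))
        except ValueError:
            return out
        # Loopback traffic (printing, local portals) is normal; anything else is
        # unexpected for a viewer of local documentation.
        if not ip.is_loopback:
            out.append(("net_connect", f"{ip}:{ev.get('dport')}"))
    return out


def detect(jsonl: str):
    """Run the rules over JSON-lines events; add exfil_chain when one yelp PID both
    read a sensitive path and opened a non-loopback connection."""
    findings = []
    rules_by_pid = defaultdict(set)
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        for rule, detail in _event_findings(ev):
            findings.append({"rule": rule, "pid": ev.get("pid"), "ts": ev.get("ts"), "detail": detail})
            rules_by_pid[ev.get("pid")].add(rule)
    for pid, rules in rules_by_pid.items():
        if {"sensitive_read", "net_connect"} <= rules:
            findings.append({"rule": "exfil_chain", "pid": pid, "ts": None,
                             "detail": "sensitive file read and outbound connection from the same yelp process"})
    return findings


# Constructed sample: a benign read, then a document opened from ~/Downloads, an SSH
# key read and an outbound connection from the same PID; the firefox line is a control.
SAMPLE_EVENTS = """\
{"ts":"2025-04-04T10:00:01Z","pid":4242,"comm":"yelp","type":"open","path":"/usr/share/help/C/gnome-help/index.page"}
{"ts":"2025-04-04T10:00:02Z","pid":4242,"comm":"yelp","type":"open","path":"/home/alice/Downloads/help/index.page"}
{"ts":"2025-04-04T10:00:03Z","pid":4242,"comm":"yelp","type":"open","path":"/home/alice/.ssh/id_rsa"}
{"ts":"2025-04-04T10:00:04Z","pid":4242,"comm":"yelp","type":"connect","dst":"127.0.0.1","dport":631}
{"ts":"2025-04-04T10:00:05Z","pid":4242,"comm":"yelp","type":"connect","dst":"203.0.113.7","dport":443}
{"ts":"2025-04-04T10:00:06Z","pid":5151,"comm":"firefox","type":"connect","dst":"203.0.113.7","dport":443}
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f["rule"], f["pid"], f["detail"])
```

The untrusted_help_doc rule is the earliest signal and fires before any data leaves the host; the exfil_chain correlation is the one worth paging on, since a lone net_connect from yelp can also come from a document that merely embeds a remote image.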
🔗 References
- https://access.redhat.com/errata/RHSA-2025:4450
- https://access.redhat.com/errata/RHSA-2025:4451
- https://access.redhat.com/errata/RHSA-2025:4455
- https://access.redhat.com/errata/RHSA-2025:4456
- https://access.redhat.com/errata/RHSA-2025:4457
- https://access.redhat.com/errata/RHSA-2025:4505
- https://access.redhat.com/errata/RHSA-2025:4532
- https://access.redhat.com/errata/RHSA-2025:7430
- https://access.redhat.com/errata/RHSA-2025:7569
- https://access.redhat.com/security/cve/CVE-2025-3155
- https://bugzilla.redhat.com/show_bug.cgi?id=2357091
- http://www.openwall.com/lists/oss-security/2025/04/04/1
- https://lists.debian.org/debian-lts-announce/2025/05/msg00036.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00037.html
- https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2