vulnerability
Ubuntu: USN-7447-1 (CVE-2025-3155): Yelp vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:C/I:N/A:N) | Apr 3, 2025 | Apr 24, 2025 | Aug 18, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published
Apr 3, 2025
Added
Apr 24, 2025
Modified
Aug 18, 2025
Description
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Solutions
ubuntu-upgrade-yelpubuntu-upgrade-yelp-xsl
References
- CVE-2025-3155
- https://attackerkb.com/topics/CVE-2025-3155
- CWE-601
- UBUNTU-USN-7447-1
- URL-https://access.redhat.com/security/cve/CVE-2025-3155
- URL-https://blogs.gnome.org/mcatanzaro/2025/04/15/dangerous-arbitrary-file-read-vulnerability-in-yelp-cve-2025-3155/
- URL-https://ubuntu.com/security/notices/USN-7447-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-3155
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.