CVE-2025-3155

Sažetak

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Reference

https://access.redhat.com/errata/RHSA-2025:4450
https://access.redhat.com/errata/RHSA-2025:4451
https://access.redhat.com/errata/RHSA-2025:4455
https://access.redhat.com/errata/RHSA-2025:4456
https://access.redhat.com/errata/RHSA-2025:4457
https://access.redhat.com/errata/RHSA-2025:4505
https://access.redhat.com/errata/RHSA-2025:4532
https://access.redhat.com/errata/RHSA-2025:7430
https://access.redhat.com/errata/RHSA-2025:7569
https://access.redhat.com/security/cve/CVE-2025-3155
https://bugzilla.redhat.com/show_bug.cgi?id=2357091
http://www.openwall.com/lists/oss-security/2025/04/04/1
https://gist.github.com/parrot409/e970b155358d45b298d7024edd9b17f2

CVSS

Base:	7.4
Impact:	4.0
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Zadnje važnije ažuriranje

14-05-2025 - 16:15

Objavljeno

03-04-2025 - 14:15