Cyber Resilience

CVE-2025-3155

High · Public PoC

Published: 03 April 2025

Modified: 12 August 2025
KEV Added
Patch
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)
EPSS Score: 0.0131 (80.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-3155 is a high-severity Open Redirect (CWE-601) vulnerability in Red Hat Enterprise Linux Server AUS. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked in the top 19.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A flaw in the Yelp GNOME user help application permits help documents to execute arbitrary scripts. The issue stems from insufficient restrictions on script execution within rendered help content, enabling crafted documents to access and transmit local user files to external locations. The vulnerability carries a CVSS 3.1 score of 7.4 with network attack vector, low complexity, no required privileges, and required user interaction.

An attacker can supply a malicious help document that a victim opens in Yelp, resulting in unauthorized exfiltration of files from the user's environment. Because the attack requires the victim to load the document, it is typically delivered through shared files, web downloads, or other user-initiated channels. The changed scope in the CVSS rating indicates the script execution can affect resources beyond the immediate Yelp process.

Red Hat has published errata RHSA-2025:4450, RHSA-2025:4451, RHSA-2025:4455, RHSA-2025:4456, and RHSA-2025:4457 that address the issue through updated packages. The EPSS score remains flat at 0.0131 with no observed increase after disclosure.

Vulnerability details

A flaw was found in Yelp. The GNOME user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1203 Exploitation for Client Execution (Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

CVE-2025-3155 enables arbitrary script execution via malicious help documents in Yelp (GNOME help viewer), facilitating T1203 (Exploitation for Client Execution) and T1005 (Data from Local System) through arbitrary file reads and potential exfiltration.

Affected Assets

Vendor | Product | Versions
gnome | yelp | 42.2-8
debian | debian linux | 11.0
redhat | codeready linux builder | 8.0, 9.0
redhat | codeready linux builder for arm64 | 8.0_aarch64, 9.0_aarch64
redhat | codeready linux builder for arm64 eus | 8.8_aarch64, 9.2_aarch64, 9.4_aarch64, 9.6_aarch64
redhat | codeready linux builder for eus | 8.8, 9.2, 9.4
redhat | codeready linux builder for ibm z systems | 8.0_s390x, 9.0_s390x
redhat | codeready linux builder for ibm z systems eus | 8.8_s390x, 9.2_s390x, 9.4_s390x, 9.6_s390x
redhat | codeready linux builder for power little endian | 8.0_ppc64le, 9.0_ppc64le
redhat | codeready linux builder for power little endian eus | 8.8_ppc64le, 9.2_ppc64le, 9.4_ppc64le, 9.6_ppc64le
+11 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-601

Security awareness includes verifying URLs and avoiding untrusted redirects that lead to malicious sites.

addresses: CWE-601

Validates redirect targets and URLs to ensure they conform to allowed destinations.
