CVE-2025-3155
Published: 03 April 2025
Summary
CVE-2025-3155 is a high-severity Open Redirect (CWE-601) vulnerability in Redhat Enterprise Linux Server Aus. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 19.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A flaw in the Yelp GNOME user help application permits help documents to execute arbitrary scripts. The issue stems from insufficient restrictions on script execution within rendered help content, enabling crafted documents to access and transmit local user files to external locations. The vulnerability carries a CVSS 3.1 score of 7.4 with network attack vector, low complexity, no required privileges, and required user interaction.
An attacker can supply a malicious help document that a victim opens in Yelp, resulting in unauthorized exfiltration of files from the user's environment. Because the attack requires the victim to load the document, it is typically delivered through shared files, web downloads, or other user-initiated channels. The changed scope in the CVSS rating indicates the script execution can affect resources beyond the immediate Yelp process.
Red Hat has published errata RHSA-2025:4450, RHSA-2025:4451, RHSA-2025:4455, RHSA-2025:4456, and RHSA-2025:4457 that address the issue through updated packages. The EPSS score remains flat at 0.0131 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-9635
Vulnerability details
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-3155 enables arbitrary script execution via malicious help documents in Yelp (GNOME help viewer), facilitating T1203 (Exploitation for Client Execution) and T1005 (Data from Local System) through arbitrary file reads and potential exfiltration.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.