CVE-2025-3155
Publication date 3 April 2025
Last updated 23 April 2025
Ubuntu priority
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| yelp | 25.04 plucky |
Fixed 42.2-2ubuntu0.1
|
| 24.10 oracular |
Fixed 42.2-1ubuntu0.24.10.1
|
|
| 24.04 LTS noble |
Fixed 42.2-1ubuntu0.24.04.1
|
|
| 22.04 LTS jammy |
Fixed 42.1-1ubuntu0.1
|
|
| 20.04 LTS focal |
Fixed 3.36.2-0ubuntu1.1
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.4 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7447-1
- Yelp vulnerability
- 23 April 2025