A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
Security readout for executives and security teams
CVE-2025-3155 affects Yelp, the GNOME help viewer. A crafted help document can run arbitrary scripts and read local user files, potentially sending them outside the system. The weakness requires user interaction, but the impact is high because confidential files may be exposed. Exposure is most likely on Linux desktop or workstation systems where Yelp or yelp-xsl is installed, especially affected RHEL 7, RHEL 8, RHEL 9, and listed extended-support variants. Server-only systems without the GNOME help stack are less likely to be exposed. Prioritize patching managed Linux desktop environments and privileged admin workstations. Business urgency is driven by potential data exposure from local user files, but the requirement for user interaction and lack of confirmed active exploitation keep this below emergency critical response. Mitigation focus: Apply relevant Red Hat security advisories for yelp and yelp-xsl packages.; Check GNOME, Debian, and vendor guidance for fixed package versions.; Restrict opening untrusted help documents until updates are deployed..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-601: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-601 · source CWE mapping
URL Redirection to Untrusted Site ('Open Redirect')
URL Redirection to Untrusted Site ('Open Redirect') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.