What is CVE-2025-3155?

CVE-2025-3155 is a high-severity vulnerability in Gnome Yelp, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 7.4/10. Published 2025-04-03.

How severe is CVE-2025-3155?

High severity. CVSS v3 base score is 7.4 out of 10.

Is CVE-2025-3155 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Gnome Yelp

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Vulnerability class: Open Redirect

EPSS: 0.103 (95.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Gnome Yelp — versions 42.2-8
Debian Debian_linux — versions 11.0
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 2:3.28.1-3.el8_10.1, 0:3.28.0-2.el8_10.1
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 2:3.28.1-3.el8_2.1
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 2:3.28.1-3.el8_4.1
Red Hat Enterprise Linux 8.4 Telecommunications Update Service — versions 2:3.28.1-3.el8_4.1
Red Hat Enterprise Linux 8.4 Update Services For Sap Solutions — versions 2:3.28.1-3.el8_4.1
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support — versions 2:3.28.1-3.el8_6.1

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)

Frequently asked questions

What is CVE-2025-3155?: CVE-2025-3155 is a high-severity vulnerability in Gnome Yelp, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 7.4/10. Published 2025-04-03.
How severe is CVE-2025-3155?: High severity. CVSS v3 base score is 7.4 out of 10.
Is CVE-2025-3155 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.