CVE-2025-3155

HIGH

CVSS v3.1: 7.4 · EPSS: 0.1060 (95.2 percentile)

EPSS highNetworkNo privileges

Source data as of:

At a glance

Severity
HIGH
CVSS
7.4 v3.1 · NVD
EPSS
0.1060 (95.2 percentile) · FIRST.org
CISA KEV
No
Attack conditions (CVSS vector)
NetworkNo privileges · Source: NVD Vector
Affected vendors
redhat, gnome, debian
Published
2025-04-03 · Modified: 2026-06-25
References
Jump to references (8)

CVSS / EPSS / KEV

CVSS v3.1 7.4 / 10 HIGH Source: NVD
EPSS 0.1060 95.2 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Record details

CVE ID
CVE-2025-3155
CVSS (v3.1)
7.4 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Exploitability subscore
2.8
Impact subscore
4.0
EPSS
0.1060 (95.2 percentile) — 2026-06-26
CISA KEV
No
Weakness (CWE)
CWE-601
Affected vendors
redhat, gnome, debian
Affected configurations (CPE)
63
Published
2025-04-03
Modified
2026-06-25
Status
Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same affected vendor

CVE-2026-1784 HIGH CVSS 8.8 CVE-2025-5318 HIGH CVSS 8.1 CVE-2024-45782 HIGH CVSS 7.8 CVE-2025-0678 HIGH CVSS 7.8

Same weakness type (CWE)

CVE-2026-53662 CRITICAL CVSS 9.6 CVE-2026-54588 CRITICAL CVSS 9.6 CVE-2026-40080 MEDIUM CVSS 6.1 CVE-2026-56326 MEDIUM CVSS 6.1

Published the same year

CVE-2025-71338 CRITICAL CVSS 10.0 CVE-2025-71334 CRITICAL CVSS 9.8 CVE-2025-71336 CRITICAL CVSS 9.8 CVE-2025-9953 CRITICAL CVSS 9.8
← Back to all records