PT-2025-14719 · Yelp+11
Parrot409 · Published 2024-12-25 · Updated 2026-05-17 · CVE-2025-3155
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Yelp versions prior to 42.2
Yelp versions prior to 3.38.3-1+deb11u1
Yelp versions prior to 3.36.2-0ubuntu1.1
Yelp-xsl versions prior to 42.1-2+deb12u1
Yelp-xsl versions prior to 3.36.0-1ubuntu0.1
Description
A flaw in the GNOME user help application (Yelp) allows help documents to execute arbitrary scripts. The issue stems from incorrect handling of paths in ghelp URLs and the inclusion of functionality from an untrusted control sphere when processing documents using the ghelp scheme. A remote attacker can exploit this by tricking a user into opening a specially crafted help file, which may lead to arbitrary code execution and the exfiltration of sensitive user files, such as SSH keys, to an external environment.
Recommendations
Update to version 42.2 or later.
Update to version 3.38.3-1+deb11u1.
Update to version 3.36.2-0ubuntu1.1.
Update yelp-xsl to version 42.1-2+deb12u1.
Update yelp-xsl to version 3.36.0-1ubuntu0.1.
Exploit
Fix
Open Redirect
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Yelp