Fluid Attacks Database

Description

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	yelp	=3.38.3-1 \|\| >=0 <3.38.3-1+deb11u1	3.38.3-1+deb11u1
debian 12	yelp	=42.2-1 \|\| >=0 <42.2-1+deb12u1	42.2-1+deb12u1
debian 13	yelp	>=0 <42.2-3	42.2-3
debian 14	yelp	>=0 <42.2-3	42.2-3
debian 11	yelp-xsl	=3.38.3-1 \|\| >=0 <3.38.3-1+deb11u1	3.38.3-1+deb11u1
debian 12	yelp-xsl	=42.1-2 \|\| >=0 <42.1-2+deb12u1	42.1-2+deb12u1
debian 13	yelp-xsl	>=0 <42.1-4	42.1-4
debian 14	yelp-xsl	>=0 <42.1-4	42.1-4
rpm rhel9.4	yelp	<2:40.3-2.el9_4.1	2:40.3-2.el9_4.1
rpm rhel6	yelp	-	-

1-10 of 16

Aliases

1. CVE-2025-31552. NVD-2025-31553. OSV-DEBIAN-2025-31554. OSV-2025-31555. SECURITY-TRACKER-CVE-2025-3155

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.