FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Yelp -- arbitrary file read

Affected packages
yelp-xsl < 42.3

Details

VuXML ID 9449f018-84a3-490d-959f-38c05fbc77a7
Discovery 2025-04-03
Entry 2025-06-14

secalert@redhat.com reports:

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

[source]

References

CVE Name CVE-2025-3155
URL https://nvd.nist.gov/vuln/detail/CVE-2025-3155

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.