Mageia: yelp Important Remote Code Exec CVE-2025-3155 Advisory 2025-0297
mageia
November 15, 2025
MGASA-2025-0297 - Updated yelp & yelp-xsl packages fix security vulnerability
Summary
Description:
The Gnome user help application allows the help document to execute
arbitrary scripts. This vulnerability allows malicious users to input
help documents, which may exfiltrate user files to an external
environment. (CVE-2025-3155)
References
- https://bugs.mageia.org/show_bug.cgi?id=34173
- https://www.openwall.com/lists/oss-security/2025/04/04/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27Z5WA2SKQGJ4UVVHUNWY73Y4PNKT3AA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNBXVCRWOMV4OCPACFVW6R4I6T4PSAEM/
-
- https://www.cve.org/CVERecord?id=CVE-2025-3155
Resolution
SRPMS
- 9/core/yelp-42.2-1.1.mga9
- 9/core/yelp-xsl-42.1-1.1.mga9
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 15 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0297.html
Type: security
CVE: CVE-2025-3155
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!