CVE-2025-3155 is a vulnerability identified in the Yelp help application component of Red Hat Enterprise Linux 8. The flaw is characterized as an 'Open Redirect' that enables execution of arbitrary scripts embedded within help documents. Specifically, the vulnerability allows attackers to craft malicious help documents that, when accessed by a user, can execute scripts capable of exfiltrating sensitive user files to external, untrusted environments. The vulnerability does not require any privileges (AV:N) but does require user interaction (UI:R) to trigger. The scope is classified as changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact is high on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). The CVSS 3.1 base score is 7.4, reflecting a high severity level. Although no known exploits have been reported in the wild, the potential for data leakage and privacy breaches is significant. The vulnerability stems from insufficient validation and sanitization of help document content, allowing malicious scripts to run in the context of the user. This can lead to unauthorized data exfiltration and privacy violations. The vulnerability affects Red Hat Enterprise Linux 8 systems that use the Yelp help application, a common component in GNOME desktop environments. Given the widespread use of Red Hat Enterprise Linux in enterprise and government environments, the vulnerability presents a notable risk vector for targeted attacks or opportunistic exploitation.

The primary impact of CVE-2025-3155 is the compromise of confidentiality through unauthorized exfiltration of user files. Organizations relying on Red Hat Enterprise Linux 8 with the Yelp help application may face data leakage risks, including exposure of sensitive or proprietary information. Since the vulnerability requires user interaction, phishing or social engineering attacks could be used to lure users into opening malicious help documents. The integrity and availability of systems remain unaffected, but the breach of confidentiality can lead to secondary impacts such as regulatory non-compliance, reputational damage, and potential follow-on attacks leveraging stolen data. The vulnerability's ease of exploitation without privileges increases the attack surface, especially in environments with multiple users or less restrictive endpoint controls. The lack of known exploits in the wild suggests that proactive mitigation can prevent widespread exploitation, but the potential for targeted attacks against high-value targets remains significant.

1. Apply patches or updates from Red Hat as soon as they become available to address the vulnerability in the Yelp help application. 2. Until patches are available, consider disabling the Yelp help application or restricting its use to trusted users only. 3. Implement strict content validation and sanitization for help documents to prevent execution of arbitrary scripts. 4. Educate users about the risks of opening unsolicited or suspicious help documents, emphasizing caution with user interaction triggers. 5. Monitor network traffic for unusual outbound connections or data exfiltration attempts originating from user workstations running Red Hat Enterprise Linux 8. 6. Employ endpoint detection and response (EDR) tools to detect anomalous script execution or file access patterns related to the Yelp application. 7. Restrict network egress points to limit unauthorized data flows to external, untrusted sites. 8. Review and harden user permissions and application sandboxing to minimize the impact of potential script execution within help documents.