A critical vulnerability in GNOME's Yelp help viewer identified as CVE-2025-3155 has led to a security breach enabling attackers to exfiltrate SSH keys and sensitive files from Ubuntu systems. The exploit takes advantage of improper handling of ghelp:// URI scheme and XML processing. The vulnerability, with a moderate CVSS score of 6.5, requires user interaction to trigger the attack, making social engineering a viable threat. The potential impact includes theft of credentials and sensitive information that could be used for lateral movement within networks. System administrators must stay vigilant by educating users and monitoring endpoints until an official patch is released.
Source: https://cybersecuritynews.com/poc-exploit-yelp-flaw-ssh-keys/
"id": "gno007040925",
"linkid": "gnome-games",
"type": "Vulnerability",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"