Security Flaw in Yelp Help Viewer (CVE-2025-3155)

CVE-2025-3155 is a vulnerability in the GNOME Yelp help browser (<= 42.1) that allows attackers to craft Mallard.page files using XInclude to read arbitrary local files and embed SVG/JavaScript to exfiltrate that data when a user opens the file (including via ghelp:// links). The report describes the exploitation steps, real-world impact (exposure of SSH keys, password stores, and potential footholds), evidence of use by threat groups, and recommended mitigations such as updating to Yelp 42.2+, restricting ghelp:// usage, hardening file permissions, monitoring, and user education.