CVE-2025-3839

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3839
https://bugzilla.redhat.com/show_bug.cgi?id=2361430

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en Epiphany, una herramienta que permite a los sitios web abrir aplicaciones de manejadores de URL externos con mínima interacción del usuario. Este diseño puede ser mal utilizado para explotar vulnerabilidades dentro de esos manejadores, haciéndolos parecer remotamente explotables. El navegador no logra advertir o restringir adecuadamente esta acción, lo que resulta en una posible ejecución de código en el dispositivo del cliente a través de un comportamiento de interfaz de usuario de confianza.

23 Jan 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-23 05:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-3839

Mitre link : CVE-2025-3839

CVE.ORG link : CVE-2025-3839

JSON object : View

Products Affected

No product.

CWE

CWE-356

Product UI does not Warn User of Unsafe Actions

8.0 /10