CVE-2025-3839

EUVD-2026-4436
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
| fedora | CNA | 8 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 2%
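Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| epiphany-browser | bookworm | | no-dsa |
| epiphany-browser | bullseye | | postponed |
| epiphany-browser | bullseye (security) | | vulnerable |
| epiphany-browser | forky | 49.2-3 | fixed |
| epiphany-browser | sid | 49.2-3 | fixed |
| epiphany-browser | trixie | 48.5-0+deb13u1 | fixed |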