CVE-2025-3839 · HIGH 8.0 · EPSS p29.8%

Description

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.

Scoring

CVSS 3.1: 8.0 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.38% probability of exploitation · percentile 29.8% · 2026-06-19T12:03:05Z
Published: 2026-01-23
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-356

References

  1. https://access.redhat.com/security/cve/CVE-2025-3839
  2. https://bugzilla.redhat.com/show_bug.cgi?id=2361430

Type | Target | Confidence | Tier
Weakness | Product UI does not Warn User of Unsafe Actions (cwe-356) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-22918
  2. CVE-2025-32348
  3. CVE-2026-28301
  4. CVE-2026-8551
  5. CVE-2025-4052
  6. CVE-2026-38978

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.