Untriaged
Permalink
CVE-2025-3839
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Epiphany: insecure external protocol invocation in epiphany
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
References
- https://access.redhat.com/security/cve/CVE-2025-3839 x_refsource_REDHAT vdb-entry
- RHBZ#2361430 issue-tracking x_refsource_REDHAT
Affected products
epiphany
- <47.5
- <48.1
Package maintainers
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@davidak David Kleuker <post@davidak.de>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>