Home > Vulnerability Database > CVE-2025-3839

Mend.io Vulnerability Database

CVE-2025-3839

Good to know:

Date: January 22, 2026

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.

Severity Score

8.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-3839

Url: https://access.redhat.com/security/cve/CVE-2025-3839

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2361430

Url: https://www.mend.io/vulnerability-database/CVE-2025-3839

Severity Score

8.0

Weakness Type (CWE)

Product UI does not Warn User of Unsafe Actions

CWE-356

Top Fix

Upgrade Version

Upgrade to version https://gitlab.gnome.org/GNOME/epiphany.git - 47.5;https://gitlab.gnome.org/GNOME/epiphany.git - 48.1

Learn More

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-3839

Good to know:

Date: January 22, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?