What is the CVSS score of CVE-2025-3839?

CVE-2025-3839 has a CVSS 3.1 base score of 8.0 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Suse are affected by CVE-2025-3839?

CVE-2025-3839 affects Epiphany's URL handler mechanism, which could allow attackers to remotely exploit vulnerabilities in third-party applications through malicious web content.. A patch is available.

How to fix or mitigate CVE-2025-3839?

Within 24 hours: Inventory all systems running Epiphany and assess exposure in your environment; disable Epiphany's external URL handler functionality if operationally feasible. Within 7 days: Implement network-level restrictions on URL handler protocols and conduct user awareness training on suspicious link interactions. Within 30 days: Monitor vendor communications for patch availability; evaluate alternative browsers or endpoint isolation strategies; conduct security assessments of connected third-party applications that may be exploited via this vector.

Suse CVE-2025-3839

HIGH

Product UI does not Warn User of Unsafe Actions (CWE-356)

2026-01-23 patrick@puiterwijk.org

RCE Suse

8.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Apr 06, 2026 - 02:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 05:16 nvd

HIGH 8.0

DescriptionNVD

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.

AnalysisAI

Technical ContextAI

Affected ProductsAI

Component: those.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-3839 vulnerability details – vuln.today

Back

Suse CVE-2025-3839

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code