Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: epiphany

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2025-3839

8.0 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 3 weeks ago

Epiphany: insecure external protocol invocation in epiphany

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.

References

https://access.redhat.com/security/cve/CVE-2025-3839 vdb-entryx_refsource_REDHAT
RHBZ#2361430 issue-trackingx_refsource_REDHAT

Affected products

epiphany

<48.1
<47.5

Matching in nixpkgs

pkgs.epiphany

WebKit based web browser for GNOME

nixos-unstable 48.5
- nixpkgs-unstable 48.5
- nixos-unstable-small 48.5
nixos-25.11 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.pantheon.epiphany

WebKit based web browser for GNOME

nixos-unstable 48.5
- nixpkgs-unstable 48.5
- nixos-unstable-small 48.5
nixos-25.11 49.2
- nixpkgs-25.11-darwin 49.2

Package maintainers

@davidak David Kleuker <post@davidak.de>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>

1