CVE-2021-25827

Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.7.12.0

Description The issue allows for a login bypass attack by setting the X-Forwarded-For header to a local IP address. This enables unauthorized access without proper credentials.

Recommendations For versions prior to 4.7.12.0, update to version 4.7.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Emby Server to minimize the risk of exploitation. Avoid using the X-Forwarded-For header in authentication processes until the issue is resolved.