PT-2025-47414 · Emby · Emby Server
Published: 2025-11-18 · Updated: 2025-11-19
CVE-2025-64325
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Emby Server versions prior to 4.8.1.0
Emby Server versions prior to 4.9.0.0-beta
Description
Emby Server is a personal media server. A malicious user can send an authentication request with a manipulated X-Emby-Client value. This value is added to the devices section of the admin dashboard without proper sanitization, potentially allowing for malicious actions.
Recommendations
Update Emby Server to version 4.8.1.0 or later.
Update Emby Server to Beta version 4.9.0.0-beta or later.
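The description above is a stored-injection pattern: a client-supplied header value is saved and later rendered in an administrator's browser. The following is an added example, not Emby's code or its actual fix; the function names, the device object shape and the allowlist pattern are assumptions made for illustration. It shows the two defensive layers, validation when the header is received and output encoding when the devices row is rendered.

```javascript
// Added illustration, not Emby Server code. All names here are hypothetical.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check (assumed policy): a client name is a short label made of
// letters, digits, spaces and a few punctuation marks. Anything else is
// replaced before it is stored with the device record.
const CLIENT_NAME_RE = /^[A-Za-z0-9 ._()\-]{1,64}$/;

function normalizeClientName(headerValue) {
  const v = typeof headerValue === "string" ? headerValue.trim() : "";
  return CLIENT_NAME_RE.test(v) ? v : "Unknown client";
}

// The flawed pattern: the stored value is interpolated into markup as-is.
function renderDeviceRowUnsafe(device) {
  return `<tr><td>${device.client}</td><td>${device.user}</td></tr>`;
}

// Hardened rendering: every untrusted field is encoded at the point of output,
// so the row stays inert even if an unvalidated value reached storage.
function renderDeviceRow(device) {
  return `<tr><td>${escapeHtml(device.client)}</td><td>${escapeHtml(device.user)}</td></tr>`;
}

// Constructed sample header value containing markup (not taken from the advisory).
const SAMPLE_HEADER = "Emby Web<script>/* constructed marker */</script>";

// Layer 1: validation at ingestion replaces the value.
console.log(normalizeClientName(SAMPLE_HEADER));
// Layer 2: encoding at render time neutralizes a value that was stored anyway.
console.log(renderDeviceRow({ client: SAMPLE_HEADER, user: "alice" }));
```

Encoding at render time is the layer that matters for records already stored by an unpatched server, since input validation only affects new requests.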
Exploit
Fix
RCE
Improper Encoding or Escaping of Output
XSS
Affected Products
Emby Server