CVE-2025-64113
CRITICALDescription
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| emby | emby |
| emby | emby |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-64113? +
How severe is CVE-2025-64113? +
What products are affected by CVE-2025-64113? +
How do I check if I'm vulnerable to CVE-2025-64113? +
Related Vulnerabilities
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An …
Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server …
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already …
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, …
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take …
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.