216.73.217.64

CVE-2025-64325

· Published 18/11/2025 23:15 · Modified 19/11/2025 19:14

Labels: CVE-2025-64325 2025-11-18CVE-2025-64325CWE-79[email protected]

Essential information

Published
18/11/2025 23:15
Modified
19/11/2025 19:14
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References