QwikSec

Security Database

CVE

CWE

Training

CVE-2025-64325

Published: Nov 18, 2025

Modified: Nov 19, 2025

PUBLISHED

Description

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.

Vendor	Product	Versions
EmbySupport	Emby.Security	affected `Emby Server (Web App) < 4.8.1.0` affected `Emby Server Beta (Web App) < 4.9.0.0-beta`

Weaknesses (CWE)

References

https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-2gwc-988r-2r7x

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.