Emby Server allows attackers to gain administrative server access without...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.

AI Analysis

Emby Server allows attackers to gain full administrative access without preconditions

Basic Information

ID CVE-2025-64113

Source GitHub_M

Published Dec 9, 2025 at 19:21

Affected Product

Vendor EmbySupport

Product security

Version < 4.9.1.81

Affected Versions EmbySupport security < 4.9.1.81

CWE Classification

CWE-640

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor EmbySupport

Product Emby Server

Version < 4.9.1.81

References

github.com /EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84

{
    "lastseen": "",
    "description": "Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.",
    "published": "2025-12-09T19:21:12.232Z",
    "modified": "2025-12-09T19:21:12.232Z",
    "type": "cve",
    "title": "Emby Server allows attackers to gain administrative server access without preconditions",
    "source": "GitHub_M",
    "references": "https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84",
    "id": "CVE-2025-64113",
    "bulletinFamily": "",
    "cwe": [
        "CWE-640"
    ],
    "cvelist": null,
    "sourceData": "EmbySupport security < 4.9.1.81",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security",
    "version": "< 4.9.1.81",
    "vendor": "EmbySupport",
    "ai_description": "Emby Server allows attackers to gain full administrative access without preconditions",
    "ai_severity": "Critical",
    "ai_vendor": "EmbySupport",
    "ai_product": "Emby Server",
    "ai_version": "< 4.9.1.81",
    "ai_score": 9.3
}

Emby Server allows attackers to gain administrative server access without preconditions_CVE-2025-64113