Critical severityOSV Advisory· Published Dec 9, 2025· Updated Dec 9, 2025
Emby Server allows attackers to gain administrative server access without preconditions
CVE-2025-64113
Description
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
MediaBrowser.Server.CoreNuGet | < 4.9.1.81 | 4.9.1.81 |
Affected products
3- Range: 3.2.31, 3.2.32.0, 3.2.33.0, …
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-95fv-5gfj-2r84ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-64113ghsaADVISORY
- github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.