CVE-2025-64113

EPSS 0.03%
Veröffentlicht 09.12.2025 19:21:12
Zuletzt bearbeitet 24.02.2026 19:58:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emby ≫ Emby Version < 4.9.1.90

Emby ≫ Emby Version4.9.2.6 Updatebeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-64113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64113

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64113