Description
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.
References
- Exploit, Vendor Advisory
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: Version before 4.8.1.0 (exclusive)
cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:*
EPSS
Percentile: 24%
0.00084
Low
9 Critical
CVSS3
Weaknesses
CWE-79