Warning: High-severity Remote Code Execution vulnerability in Emby Server, Patch Immediately!

Published: 19/11/2025

    * Last update: 19/11/2025

    * Affected software: Emby Server
        • Emby Server (Web App) < 4.8.1.0
        • Emby Server Beta (Web App) < 4.9.0.0-beta

    * Type:
        • Remote code execution

    * CVE/CVSS:
        • CVE-2025-64325: CVSS 8.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)

 

Sources

 
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-64325
 

Risks

An attacker can exploit a publicly exposed Emby media server to gain access to an internal network. Attackers can gain persistence on this machine by running malicious scripts with Admin permissions. If the public-facing interface of the media server is targeted, successful exploitation can have a high impact on the confidentiality and integrity of the server. Availability is not affected.

Description

An attacker can send a manipulated authentication request to any service endpoint of the server and add themselves to the devices section of the admin dashboard. This allows the attacker to execute code on the server with administrative privileges. After exploitation, the attacker can pivot from the exploited machine to attack other interconnected machines.

Recommended Actions

 
Patch 

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
 
Monitor/Detect 

The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.
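
One way to turn the patch and monitoring advice above into a repeatable check, as an added example that is not CCB or Emby code: it compares each server's build against the fixed versions listed in this advisory and lists registered devices that are not on an approved list. It assumes the advisory's thresholds are the first fixed builds and that version strings are dotted numbers; the inventory, device records and their field names are constructed for illustration.

```python
# Added example: triage Emby servers against CVE-2025-64325 (not CCB or Emby code).
# Assumptions: the advisory's thresholds are the first fixed builds, versions are
# dotted numeric strings, and device records (field names hypothetical) come from
# an export of the admin dashboard's Devices section.

FIXED = {"stable": (4, 8, 1, 0), "beta": (4, 9, 0, 0)}  # from the advisory


def parse_version(text):
    """'4.8.0.80' or '4.9.0.0-beta' -> four-part integer tuple, zero padded."""
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    if len(parts) > 4:
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version, channel="stable"):
    """True when the build is older than the fixed build for its channel."""
    return parse_version(version) < FIXED[channel]


def unknown_devices(devices, approved_ids):
    """Return device records whose id is not on the approved list."""
    return [d for d in devices if d.get("id") not in approved_ids]


def triage(server, approved_ids):
    """Summarise one server: patch status plus devices needing review."""
    return {
        "host": server["host"],
        "vulnerable": is_vulnerable(server["version"], server["channel"]),
        "review": [d["name"] for d in unknown_devices(server["devices"], approved_ids)],
    }


# Constructed sample inventory (not real data).
APPROVED = {"tv-livingroom", "phone-alice"}
SERVERS = [
    {"host": "media01", "version": "4.8.0.80", "channel": "stable",
     "devices": [{"id": "tv-livingroom", "name": "Living room TV"},
                 {"id": "a1b2c3", "name": "Unknown client"}]},
    {"host": "media02", "version": "4.9.0.0-beta", "channel": "beta",
     "devices": [{"id": "phone-alice", "name": "Alice phone"}]},
]

if __name__ == "__main__":
    for s in SERVERS:
        print(triage(s, APPROVED))
```

The device review runs whether or not the server is already patched, because an entry added before the update would still be present afterwards.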
