CVE-2025-64113: Emby Server API Vulnerability allowing to gain administrative access without precondition

December 8, 2025 (updated December 9, 2025)

This vulnerability affects all Emby Server versions - beta and stable up to the specified versions. It allows an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level,). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable.

References

github.com/EmbySupport/Emby.Security
github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84
github.com/advisories/GHSA-95fv-5gfj-2r84
nvd.nist.gov/vuln/detail/CVE-2025-64113

Code Behaviors & Features

Detect and mitigate CVE-2025-64113 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →