CVE-2025-64113CRITICAL 9.8EPSS p44.1%

CVE-2025-64113CVE-2025-64113

Description

Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.60% probability of exploitation · percentile 44.1% · 2026-06-19T12:03:05Z
Published2025-12-09
Last modified2026-02-24

Underlying weaknesses· 1

CWE-640

References

  1. https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84

1

TypeTargetConfidenceTier
WeaknessWeak Password Recovery Mechanism for Forgotten Passwordcwe-6400%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-64325
CVE
CVE-2025-39247
CVE
CVE-2026-5786
CVE
CVE-2025-46811
CVE
CVE-2026-24346
CVE
CVE-2025-52824
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.