A critical API vulnerability (CVE-2025-64113) has been identified in MediaBrowser.Server.Core, affecting Emby Server. This flaw allows an unauthenticated attacker to gain full administrative access to the Emby Server instance without any prior conditions or authentication. The vulnerability poses a significant risk, potentially leading to complete compromise of the media server and its hosted content, including user data and system configurations.

Technical Details

  • CVE ID: CVE-2025-64113
  • Published: 2025-12-10 11:08 UTC
  • Product: MediaBrowser.Server.Core
  • Risk Score: 5.3/10
  • Severity: CRITICAL
  • Original Source: Google_OSV

Remediation

Organizations running Emby Server should monitor official Emby project channels for security advisories and patch releases related to CVE-2025-64113. It is imperative to apply all available security updates immediately upon release. In the interim, consider restricting network access to the Emby Server’s API endpoints to trusted internal networks or specific IP addresses where feasible, effectively limiting potential attack vectors. Regularly review server logs for suspicious administrative activity or unauthorized access attempts.

Disclaimer: This summary was generated by an Artificial Intelligence system and has not been verified by a human expert. Use at your own risk.

