{"id":"CVE-2025-64325","summary":"Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard","details":"Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.","aliases":["GHSA-2gwc-988r-2r7x"],"modified":"2026-04-10T05:35:30.429088Z","published":"2025-11-18T22:32:06.902Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64325.json","cwe_ids":["CWE-116","CWE-79"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64325.json"},{"type":"ADVISORY","url":"https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-2gwc-988r-2r7x"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64325"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mediabrowser/emby.releases","events":[{"introduced":"0"},{"fixed":"0e8fe34a5b439c619588e6527010452c101c93c0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.8.1.0"}]}}],"versions":["3.2.31","3.2.32.0","3.2.33.0","3.2.34.0","3.2.35.0","3.2.40.0","3.2.50.0","3.2.60.0","3.2.70.0","3.3.0.0","3.3.1.0","3.3.1.10","3.3.1.11","3.3.1.12","3.3.1.13","3.3.1.14","3.3.1.15","3.3.1.16","3.3.1.17","3.3.1.18","3.3.1.19","3.3.1.20","3.3.1.21","3.3.1.22","3.3.1.23","3.3.1.24","3.3.1.25","3.3.1.26","3.3.1.27","3.3.1.28","3.3.1.7","3.3.1.8","3.3.1.9","3.4.0.0","3.4.0.3","3.4.0.4","3.4.1.0","3.4.1.1","3.4.1.10","3.4.1.11","3.4.1.12","3.4.1.13","3.4.1.14","3.4.1.15","3.4.1.16","3.4.1.17","3.4.1.18","3.4.1.19","3.4.1.2","3.4.1.20","3.4.1.21","3.4.1.22","3.4.1.23","3.4.1.24","3.4.1.27","3.4.1.28","3.4.1.29","3.4.1.30","3.4.1.31","3.4.1.32","3.4.1.33","3.4.1.34","3.4.1.35","3.4.1.5","3.4.1.6","3.4.1.7","3.4.1.8","3.4.1.9","3.5.0.0","3.5.1.0","3.5.2.0","3.5.3.0","3.6.0.1","3.6.0.2","3.6.0.31","3.6.0.32","3.6.0.33","3.6.0.34","3.6.0.38","3.6.0.39","3.6.0.40","3.6.0.41","3.6.0.42","3.6.0.43","3.6.0.44","3.6.0.45","3.6.0.46","3.6.0.47","3.6.0.49","3.6.0.50","3.6.0.51","3.6.0.52","3.6.0.53","3.6.0.54","3.6.0.55","3.6.0.56","3.6.0.57","3.6.0.58","3.6.0.59","3.6.0.60","3.6.0.61","3.6.0.63","3.6.0.64","3.6.0.65","3.6.0.66","3.6.0.67","3.6.0.68","3.6.0.69","3.6.0.70","3.6.0.71","3.6.0.72","3.6.0.73","3.6.0.74","3.6.0.75","3.6.0.76","3.6.0.77","3.6.0.78","3.6.0.79","3.6.0.80","3.6.0.81","3.6.0.82","3.6.0.83","3.6.0.84","4.0.0.0","4.0.0.1","4.0.0.2","4.0.1.0","4.0.2.0","4.0.3.0","4.1.0.0","4.1.0.1","4.1.0.10","4.1.0.11","4.1.0.12","4.1.0.13","4.1.0.14","4.1.0.15","4.1.0.16","4.1.0.17","4.1.0.18","4.1.0.19","4.1.0.2","4.1.0.20","4.1.0.21","4.1.0.22","4.1.0.23","4.1.0.24","4.1.0.25","4.1.0.26","4.1.0.3","4.1.0.4","4.1.0.5","4.1.0.6","4.1.0.7","4.1.0.8","4.1.0.9","4.1.1.0","4.2.0.0","4.2.0.1","4.2.0.10","4.2.0.11","4.2.0.12","4.2.0.13","4.2.0.14","4.2.0.15","4.2.0.16","4.2.0.17","4.2.0.18","4.2.0.19","4.2.0.20","4.2.0.21","4.2.0.22","4.2.0.23","4.2.0.24","4.2.0.25","4.2.0.26","4.2.0.27","4.2.0.28","4.2.0.29","4.2.0.30","4.2.0.31","4.2.0.32","4.2.0.33","4.2.0.34","4.2.0.35","4.2.0.36","4.2.0.4","4.2.0.40","4.2.0.5","4.2.0.6","4.2.0.7","4.2.0.8","4.2.0.9","4.2.1.0","4.3.0.0","4.3.0.1","4.3.0.10","4.3.0.11","4.3.0.12","4.3.0.13","4.3.0.14","4.3.0.15","4.3.0.16","4.3.0.17","4.3.0.18","4.3.0.19","4.3.0.2","4.3.0.20","4.3.0.21","4.3.0.22","4.3.0.23","4.3.0.24","4.3.0.25","4.3.0.26","4.3.0.3","4.3.0.30","4.3.0.4","4.3.0.5","4.3.0.6","4.3.0.7","4.3.0.8","4.3.0.9","4.3.1.0","4.4.0.0","4.4.0.1","4.4.0.10","4.4.0.11","4.4.0.12","4.4.0.13","4.4.0.14","4.4.0.15","4.4.0.16","4.4.0.17","4.4.0.18","4.4.0.19","4.4.0.2","4.4.0.20","4.4.0.21","4.4.0.22","4.4.0.23","4.4.0.24","4.4.0.25","4.4.0.26","4.4.0.27","4.4.0.28","4.4.0.29","4.4.0.3","4.4.0.30","4.4.0.4","4.4.0.40","4.4.0.5","4.4.0.6","4.4.0.7","4.4.0.9","4.4.1.0","4.4.2.0","4.4.3.0","4.5.0.1","4.5.0.10","4.5.0.11","4.5.0.12","4.5.0.13","4.5.0.14","4.5.0.15","4.5.0.16","4.5.0.17","4.5.0.18","4.5.0.19","4.5.0.2","4.5.0.20","4.5.0.21","4.5.0.22","4.5.0.23","4.5.0.24","4.5.0.25","4.5.0.26","4.5.0.27","4.5.0.28","4.5.0.29","4.5.0.3","4.5.0.30","4.5.0.4","4.5.0.5","4.5.0.50","4.5.0.6","4.5.0.7","4.5.0.8","4.5.0.9","4.5.1.0","4.5.2.0","4.5.3.0","4.5.4.0","4.6.0.1","4.6.0.10","4.6.0.2","4.6.0.20","4.6.0.21","4.6.0.22","4.6.0.26","4.6.0.28","4.6.0.29","4.6.0.3","4.6.0.30","4.6.0.31","4.6.0.36","4.6.0.37","4.6.0.38","4.6.0.39","4.6.0.4","4.6.0.40","4.6.0.41","4.6.0.42","4.6.0.43","4.6.0.44","4.6.0.45","4.6.0.46","4.6.0.47","4.6.0.48","4.6.0.5","4.6.0.50","4.6.0.51","4.6.0.52","4.6.0.6","4.6.0.7","4.6.0.8","4.6.0.9","4.6.1.0","4.6.2.0","4.6.3.0","4.6.4.0","4.6.5.0","4.6.6.0","4.6.7.0","4.7.0.0","4.7.0.1","4.7.0.10","4.7.0.11","4.7.0.12","4.7.0.13","4.7.0.14","4.7.0.17","4.7.0.18","4.7.0.19","4.7.0.2","4.7.0.20","4.7.0.21","4.7.0.22","4.7.0.23","4.7.0.24","4.7.0.25","4.7.0.26","4.7.0.27","4.7.0.28","4.7.0.29","4.7.0.3","4.7.0.30","4.7.0.31","4.7.0.32","4.7.0.34","4.7.0.35","4.7.0.36","4.7.0.37","4.7.0.38","4.7.0.39","4.7.0.4","4.7.0.40","4.7.0.5","4.7.0.60","4.7.0.8","4.7.0.9","4.7.1.0","4.7.10.0","4.7.11.0","4.7.12.0","4.7.13.0","4.7.14.0","4.7.2.0","4.7.3.0","4.7.4.0","4.7.5.0","4.7.6.0","4.7.7.0","4.7.8.0","4.7.9.0","4.8.0.0","4.8.0.1","4.8.0.10","4.8.0.11","4.8.0.12","4.8.0.13","4.8.0.14","4.8.0.15","4.8.0.16","4.8.0.17","4.8.0.18","4.8.0.19","4.8.0.2","4.8.0.20","4.8.0.21","4.8.0.24","4.8.0.25","4.8.0.26","4.8.0.27","4.8.0.28","4.8.0.29","4.8.0.3","4.8.0.30","4.8.0.31","4.8.0.31-beta","4.8.0.32","4.8.0.33","4.8.0.34","4.8.0.35","4.8.0.36","4.8.0.37","4.8.0.38","4.8.0.39","4.8.0.4","4.8.0.40","4.8.0.41","4.8.0.41-beta","4.8.0.42","4.8.0.43","4.8.0.44","4.8.0.45","4.8.0.47","4.8.0.48","4.8.0.49","4.8.0.5","4.8.0.50","4.8.0.51","4.8.0.52","4.8.0.53","4.8.0.54","4.8.0.55","4.8.0.56","4.8.0.57","4.8.0.58","4.8.0.59","4.8.0.6","4.8.0.60","4.8.0.61","4.8.0.62","4.8.0.63","4.8.0.64","4.8.0.65","4.8.0.66","4.8.0.67","4.8.0.68","4.8.0.69","4.8.0.7","4.8.0.70","4.8.0.71","4.8.0.72","4.8.0.73","4.8.0.74","4.8.0.75","4.8.0.76","4.8.0.77","4.8.0.78","4.8.0.8","4.8.0.80","4.8.0.9","4.9.0.0","4.9.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64325.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}