CVE-2025-64325 | Emby Server prior 4.8.1.0/4.9.0.0-beta X-Emby-Client cross site scripting (GHSA-2gwc-988r-2r7x)

Inserito da Angelo Barbosa | Nov 19, 2025 | CVE

A vulnerability was found in Emby Server and classified as problematic. The affected element is an unknown function. The manipulation of the argument X-Emby-Client results in cross site scripting.

This vulnerability is known as CVE-2025-64325. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2025-64325 | Emby Server prior 4.8.1.0/4.9.0.0-beta X-Emby-Client cross site scripting (GHSA-2gwc-988r-2r7x)

Post correlati

CVE-2025-8771 | Zen Cart 2.1.0 index.php?cmd=sqlpatch missing authentication

CVE-2025-6478 | CodeAstro Expense Management System 1.0 cross-site request forgery

CVE-2024-7830 | D-Link DNS-1550-04 up to 20240814 photocenter_mgr.cgi cgi_move_photo photo_name buffer overflow

CVE-2023-47806 | Saint Systems Disable User Login Plugin up to 1.3.7 on WordPress cross-site request forgery