Browse all 3 CVE security advisories affecting EmbySupport. AI-powered Chinese analysis, POCs, and references for each vulnerability.
EmbySupport develops media server software enabling users to stream personal media collections across devices. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The software has faced multiple security incidents, including three publicly disclosed CVEs, with RCE being the most critical class. EmbySupport's architecture exposes web interfaces that have been targeted for XSS attacks, while insufficient permission checks have led to privilege escalation risks. Despite these issues, the vendor has generally addressed vulnerabilities promptly through security patches, though the recurring nature of similar flaws suggests ongoing challenges in secure coding practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64113 | Emby Server allows attackers to gain administrative server access without preconditions — securityCWE-640 | 8.1AI | HighAI | 2025-12-09 |
| CVE-2023-33193 | Emby Server Proxy Header Spoofing Vulnerability — securityCWE-444 | 9.1 | Critical | 2023-05-30 |
This page lists every published CVE security advisory associated with EmbySupport. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.