Plattform
windows
Komponente
emby
Behoben in
4.8.1
CVE-2025-46385 is a Server-Side Request Forgery (SSRF) vulnerability discovered in Emby Media Server. This flaw allows attackers to manipulate the server into making requests to unintended internal or external resources, potentially leading to unauthorized access and data exposure. The vulnerability impacts versions 4.8.0 and is resolved in version 4.8.1. Users are strongly advised to upgrade immediately.
An attacker exploiting CVE-2025-46385 can leverage the SSRF vulnerability to scan internal networks, access sensitive data residing on internal services, or even interact with cloud resources if the Emby server has access to them. This could involve retrieving configuration files, accessing databases, or triggering actions on other systems within the network. The blast radius extends to any internal resource accessible via HTTP/HTTPS from the Emby server, potentially compromising the entire internal infrastructure. While direct remote code execution is unlikely, the ability to access internal resources significantly expands the attack surface.
CVE-2025-46385 was publicly disclosed on 2025-07-20. There is no indication of this vulnerability being actively exploited at this time. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are not yet available, but the SSRF nature of the vulnerability makes it likely that such exploits will emerge.
Organizations running Emby Media Server version 4.8.0, particularly those with internal services accessible via HTTP/HTTPS, are at risk. Shared hosting environments where Emby is deployed could also be vulnerable, as the attacker could potentially leverage the SSRF to access other services on the same host.
• windows / supply-chain:
Get-Process -Name Emby | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-WinEvent -LogName Application -Filter "EventID = 1000 -ProviderName Emby.Server" | Select-String -Pattern "SSRF"• linux / server:
journalctl -u emby-server | grep -i ssrf• linux / server:
lsof -i :8080 | grep -i embydisclosure
Exploit-Status
EPSS
0.04% (11% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-46385 is to upgrade Emby Media Server to version 4.8.1 or later. If immediate upgrading is not feasible, consider implementing network segmentation to restrict the Emby server's access to internal resources. Firewall rules should be configured to block outbound requests to unnecessary destinations. While a WAF might offer some protection, it's not a substitute for patching. Monitor Emby server logs for unusual outbound requests, specifically those targeting internal IP addresses or sensitive services. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability and verifying that the request is blocked or redirected.
Actualizar Emby a la última versión disponible. Verificar y restringir el acceso a la red interna para mitigar el riesgo de SSRF. Implementar validación y sanitización de las entradas del usuario para prevenir la manipulación de las solicitudes.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-46385 is a Server-Side Request Forgery vulnerability in Emby Media Server versions 4.8.0, allowing attackers to make requests to unintended internal or external resources.
If you are running Emby Media Server version 4.8.0, you are affected by this vulnerability. Upgrade to version 4.8.1 or later to mitigate the risk.
The recommended fix is to upgrade Emby Media Server to version 4.8.1 or later. Network segmentation and firewall rules can provide temporary mitigation.
There is currently no public information indicating that CVE-2025-46385 is being actively exploited, but the SSRF nature of the vulnerability makes it a potential target.
Please refer to the official Emby security advisory for detailed information and updates regarding CVE-2025-46385: [https://emby.media/security/]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.