Platform
windows
Component
emby
Fixed in
4.8.1
CVE-2025-46385 is a Server-Side Request Forgery (SSRF) vulnerability discovered in Emby Media Server. This flaw allows attackers to manipulate the server into making requests to unintended internal or external resources, potentially leading to unauthorized access and data exposure. The vulnerability impacts versions 4.8.0 and is resolved in version 4.8.1. Users are strongly advised to upgrade immediately.
An attacker exploiting CVE-2025-46385 can leverage the SSRF vulnerability to scan internal networks, access sensitive data residing on internal services, or even interact with cloud resources if the Emby server has access to them. This could involve retrieving configuration files, accessing databases, or triggering actions on other systems within the network. The blast radius extends to any internal resource accessible via HTTP/HTTPS from the Emby server, potentially compromising the entire internal infrastructure. While direct remote code execution is unlikely, the ability to access internal resources significantly expands the attack surface.
CVE-2025-46385 was publicly disclosed on 2025-07-20. There is no indication of this vulnerability being actively exploited at this time. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are not yet available, but the SSRF nature of the vulnerability makes it likely that such exploits will emerge.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-46385 is to upgrade Emby Media Server to version 4.8.1 or later. If immediate upgrading is not feasible, consider implementing network segmentation to restrict the Emby server's access to internal resources. Firewall rules should be configured to block outbound requests to unnecessary destinations. While a WAF might offer some protection, it's not a substitute for patching. Monitor Emby server logs for unusual outbound requests, specifically those targeting internal IP addresses or sensitive services. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability and verifying that the request is blocked or redirected.
Update Emby to the latest available version. Verify and restrict access to the internal network to mitigate the risk of SSRF. Implement validation and sanitization of user inputs to prevent request manipulation.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-46385 is a Server-Side Request Forgery vulnerability in Emby Media Server versions 4.8.0, allowing attackers to make requests to unintended internal or external resources.
If you are running Emby Media Server version 4.8.0, you are affected by this vulnerability. Upgrade to version 4.8.1 or later to mitigate the risk.
The recommended fix is to upgrade Emby Media Server to version 4.8.1 or later. Network segmentation and firewall rules can provide temporary mitigation.
There is currently no public information indicating that CVE-2025-46385 is being actively exploited, but the SSRF nature of the vulnerability makes it a potential target.
Please refer to the official Emby security advisory for detailed information and updates regarding CVE-2025-46385: [https://emby.media/security/]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.