knsdiuah, Posted December 13, 2025 (edited)

Hi Team,

I was looking into options to allow users to reset their passwords (email-based password reset feature). However, my attention was immediately drawn to the critical CVE-2025-64113 vulnerability, which describes a far more serious authentication issue: an unauthenticated admin takeover.

Ironic given the hesitation to implement an authentication recovery feature for fear it might not be universally functional, while a critical authentication bypass vulnerability existed in the core product, undermining all security measures.

I looked through the release notes and didn't spot anything relevant. Given this flaw essentially bypasses all security, can you share the timeline for a release with the fix?

Thank you

EDIT: Just found https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84

It seems like this has been fixed. If so, it should have been in the release notes.

Edited December 13, 2025 by knsdiuah