knsdiuah
Posted December 13, 2025 (edited)

Hi Team,

I was looking into options to allow users to reset their passwords (email-based password reset feature). However, my attention was immediately drawn to the critical CVE-2025-64113 vulnerability, which describes a far more serious authentication issue: an unauthenticated admin takeover.

Ironic given the hesitation to implement an authentication recovery feature for fear it might not be universally functional, while a critical authentication bypass vulnerability existed in the core product, undermining all security measures.

I looked through the release notes and didn't spot anything relevant. Given this flaw essentially bypasses all security, can you share the timeline for a release with the fix?

Thank you

EDIT: Just found https://github.com/EmbySupport/Emby.Security/security/advisories/GHSA-95fv-5gfj-2r84

It seems like this has been fixed. If so, it should have been in the release notes.

Edited December 13, 2025 by knsdiuah