CVE-2021-32833

CVSS v3 Score: 8.6 (High)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

Emby Server is a personal media server with apps on many devices. Emby Server on Windows has a set of arbitrary file read vulnerabilities. They are known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details, including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system, especially when Emby Server is configured to be accessible from the Internet.

CVSS:8.6(High)

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

CVSS:8.4(High)

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker; a build-time regular expression may not correctly detect the runtime linker...

CVSS:8.4(High)

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it ...

CVSS:8.8(High)

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to th...

CVSS:8.8(High)

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user ...

CVSS:8.8(High)

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations o...