CVE-2025-31499 Overview
CVE-2025-31499 is an argument injection vulnerability (CWE-88, Improper Neutralization of Argument Delimiters in a Command) in Jellyfin, an open source self-hosted media server. Versions prior to 10.10.7 do not fully sanitize the request parameters that Jellyfin passes to FFmpeg, so an attacker can inject additional command-line arguments. The flaw is a bypass of the fix for CVE-2023-49096, which shipped in version 10.8.13. It is reachable through the /Videos/<itemId>/stream and /Videos/<itemId>/stream.<container> endpoints, which do not themselves require authentication; the attacker does, however, need a valid itemId, which in practice means credentials for at least a low-privileged user account. Successful exploitation yields an arbitrary file write that can be turned into remote code execution through the Jellyfin plugin system.
Critical Impact
Anyone holding credentials for a low-privileged Jellyfin user can achieve remote code execution on the server, in the security context of the Jellyfin service account, by injecting unsanitized FFmpeg arguments that write an attacker-controlled file into the plugin directory.
Affected Products
- Jellyfin media server versions prior to 10.10.7
- Jellyfin /Videos/<itemId>/stream endpoint
- Jellyfin /Videos/<itemId>/stream.<container> endpoint and likely related AudioController endpoints
Discovery Timeline
- 2025-04-15 - CVE-2025-31499 published to the National Vulnerability Database
- 2025-10-06 - Last updated in NVD database
Technical Details for CVE-2025-31499
Vulnerability Analysis
Jellyfin invokes FFmpeg as an external process to transcode media streams, and user-controlled query parameters from the streaming endpoints flow into the FFmpeg command line. The fix in version 10.8.13 sanitized a subset of these parameters but missed others. Because the parameters are concatenated into the command line rather than validated individually, a crafted value can carry whitespace and hyphen-prefixed tokens that FFmpeg parses as options rather than as data. FFmpeg options control output paths and file handling, so injected options can redirect output to an arbitrary location on the filesystem.
Root Cause
The root cause is incomplete neutralization of argument delimiters when constructing the FFmpeg command line (CWE-88). The original patch blocked the specific injection vectors that had been reported but did not enumerate every parameter that reaches the subprocess invocation. The remaining parameters are still controllable from HTTP request input and are concatenated into the FFmpeg arguments without being checked against an allow-list of expected values. A durable fix validates every parameter against an allow-list or a strict pattern before it reaches the command line, rather than filtering known-bad characters from a few of them.
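The following Python model shows the class of bug described in the two sections above: a command built from query parameters by string concatenation, a partial fix that allow-lists one parameter and leaves another unchecked (the same shape as a bypassed patch), and a complete fix that validates every value and passes an argument vector. This is an added example, not Jellyfin code, and it does not reproduce the parameter the 10.8.13 patch actually missed; parameter names, allow-lists, the cache path and the sample requests are assumptions for illustration.

```python
"""CWE-88 model: concatenated command string vs. allow-listed argument vector.

Added example; not Jellyfin code. Parameter names, allow-lists and paths are
assumed for illustration only.
"""
import re
import shlex

CACHE_DIR = "/var/cache/jellyfin/transcodes"                    # assumed
ALLOWED_AUDIO_CODECS = {"aac", "mp3", "opus", "flac", "copy"}   # assumed
ALLOWED_CONTAINERS = {"mp4", "mkv", "ts", "webm"}               # assumed
MEDIA_SOURCE_ID = re.compile(r"^[0-9a-f]{32}$")                 # assumed id shape


class RejectedParameter(ValueError):
    """Raised when a query value is not on the allow-list."""


def _launch_split(cmdline: str) -> list[str]:
    """Stand-in for a process launcher handed a single command string: it
    re-tokenises on whitespace, so a value containing spaces becomes several
    arguments (shlex rules used as an approximation of the real launcher)."""
    return shlex.split(cmdline)


def cmdline_unsanitized(source_path: str, q: dict) -> list[str]:
    """Vulnerable: every query value is concatenated into one string."""
    codec = q.get("audioCodec", "aac")
    container = q.get("container", "mp4")
    out = f"{CACHE_DIR}/{q.get('mediaSourceId', '')}.{container}"
    return _launch_split(f"ffmpeg -i {source_path} -c:a {codec} -f {container} {out}")


def cmdline_partially_fixed(source_path: str, q: dict) -> list[str]:
    """Incomplete fix: one parameter is allow-listed, the rest still flow
    through unchecked, so injection moves to an unchecked parameter."""
    codec = q.get("audioCodec", "aac")
    if codec not in ALLOWED_AUDIO_CODECS:
        raise RejectedParameter(f"audioCodec={codec!r}")
    container = q.get("container", "mp4")
    out = f"{CACHE_DIR}/{q.get('mediaSourceId', '')}.{container}"
    return _launch_split(f"ffmpeg -i {source_path} -c:a {codec} -f {container} {out}")


def argv_hardened(source_path: str, q: dict) -> list[str]:
    """Complete fix: every value is validated and the command is an argument
    vector, so no value can be re-tokenised into extra options."""
    codec = q.get("audioCodec", "aac")
    if codec not in ALLOWED_AUDIO_CODECS:
        raise RejectedParameter(f"audioCodec={codec!r}")
    container = q.get("container", "mp4")
    if container not in ALLOWED_CONTAINERS:
        raise RejectedParameter(f"container={container!r}")
    source_id = q.get("mediaSourceId", "")
    if not MEDIA_SOURCE_ID.match(source_id):
        raise RejectedParameter(f"mediaSourceId={source_id!r}")
    return ["ffmpeg", "-i", source_path, "-c:a", codec, "-f", container,
            f"{CACHE_DIR}/{source_id}.{container}"]


def injected_options(argv: list[str]) -> list[str]:
    """Options in argv beyond the ones the builder intended to emit."""
    intended = {"-i", "-c:a", "-f"}
    return [a for a in argv if a.startswith("-") and a not in intended]


def rejects(builder, q: dict) -> bool:
    """True if the builder refuses the request instead of building a command."""
    try:
        builder(SOURCE, q)
    except RejectedParameter:
        return True
    return False


SOURCE = "/media/movies/example.mkv"   # constructed
GOOD_ID = "0" * 32
# Constructed requests: a benign one and two that smuggle a whitespace-
# separated option into a value (illustrative, not the real payload).
BENIGN = {"audioCodec": "aac", "container": "mp4", "mediaSourceId": GOOD_ID}
VIA_CODEC = {**BENIGN, "audioCodec": "aac -y"}
VIA_CONTAINER = {**BENIGN, "container": "mp4 -y"}

if __name__ == "__main__":
    print("unsanitized, via codec:      ", injected_options(cmdline_unsanitized(SOURCE, VIA_CODEC)))
    print("partial fix rejects codec:   ", rejects(cmdline_partially_fixed, VIA_CODEC))
    print("partial fix, via container:  ", injected_options(cmdline_partially_fixed(SOURCE, VIA_CONTAINER)))
    print("hardened rejects container:  ", rejects(argv_hardened, VIA_CONTAINER))
    print("hardened, benign:            ", injected_options(argv_hardened(SOURCE, BENIGN)))
```

The partially fixed builder is the instructive case: it rejects the codec injection but still lets the container value inject `-y`, which is why a fix must cover every parameter that reaches the subprocess and should pass an argument vector rather than a string.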
Attack Vector
The attacker first obtains a valid itemId; any authenticated low-privileged user can enumerate item ids through the standard item-listing API. The attacker then sends a request to /Videos/<itemId>/stream or /Videos/<itemId>/stream.<container> with crafted query parameters that inject additional FFmpeg arguments, causing FFmpeg to write attacker-controlled content to a chosen filesystem path. Writing a malicious plugin DLL into the Jellyfin plugin directory leads to code execution once the server loads the plugin. No privileged role is required beyond ordinary user credentials.
No verified public proof-of-concept code is available. See the Jellyfin Security Advisory GHSA-2c3c-r7gp-q32m for vendor technical details.
Detection Methods for CVE-2025-31499
Indicators of Compromise
- Unexpected files written to the Jellyfin plugin directory, particularly DLLs or executables with recent timestamps that do not match installed plugin versions.
- HTTP requests to /Videos/ or /Audio/ streaming endpoints whose query parameter values contain whitespace, hyphen-prefixed option-like tokens, or known FFmpeg option names (values are usually URL-encoded, so decode them before matching).
- FFmpeg processes spawned by Jellyfin whose command line references output paths outside the transcoding cache directory (input paths legitimately point into the media library and should be excluded from the check).
Detection Strategies
- Inspect Jellyfin or reverse-proxy access logs for streaming endpoint requests whose decoded query strings contain FFmpeg option patterns such as -y or -f, or path-like output tokens.
- Monitor process telemetry for ffmpeg child processes of Jellyfin whose argument list includes writes to non-cache directories.
- Audit the Jellyfin plugin directory for newly created or modified assemblies that lack corresponding entries in the official plugin catalog.
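The detection logic described in the indicators and strategies above, as an added example that is not part of the Jellyfin project: it scans reverse-proxy access-log lines for streaming requests whose query values look like FFmpeg options, and checks ffmpeg command lines from process telemetry for output paths outside the allowed directories. The log format, the sample log lines, the sample command lines, the option list and the directory layout are constructed assumptions; adapt them to the deployment.

```python
"""Detection checks for CVE-2025-31499 indicators.

Added example, not Jellyfin code. Log format, sample data, option list and
paths are assumptions; adjust them to the environment being monitored.
"""
import re
import shlex
from urllib.parse import parse_qsl, urlsplit

# Streaming endpoints that feed query parameters into the FFmpeg command line.
STREAM_PATH = re.compile(r"^/(Videos|Audio)/[^/]+/stream(\.[A-Za-z0-9]+)?$")

# FFmpeg options worth alerting on inside a query value (assumed starter set).
FFMPEG_OPTIONS = {"-y", "-f", "-i", "-map", "-vf", "-af", "-filter_complex", "-c", "-ss", "-t"}

# Combined-log-style line as written by a reverse proxy such as nginx
# (assumption: adjust the pattern to the proxy's actual log format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_values(query: str) -> list[tuple[str, str]]:
    """Return (param, reason) pairs for decoded query values that are shaped
    like injected FFmpeg arguments rather than plain media parameters."""
    findings = []
    for key, value in parse_qsl(query, keep_blank_values=True):   # parse_qsl URL-decodes
        tokens = value.split()
        if len(tokens) > 1:
            findings.append((key, "value contains whitespace"))
        for tok in tokens:
            negative_number = tok.startswith("-") and tok[1:].replace(".", "", 1).isdigit()
            if tok in FFMPEG_OPTIONS:
                findings.append((key, f"known FFmpeg option {tok}"))
            elif tok.startswith("-") and len(tok) > 1 and not negative_number:
                findings.append((key, f"option-like token {tok}"))
            elif tok.startswith("/") or ".." in tok or tok.lower().endswith(".dll"):
                findings.append((key, f"path-like token {tok}"))
    return findings


def scan_access_log(log_text: str) -> list[dict]:
    """Flag streaming requests whose query values look like FFmpeg arguments."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not STREAM_PATH.match(url.path):
            continue
        findings = suspicious_values(url.query)
        if findings:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "path": url.path, "findings": findings})
    return hits


def paths_outside_allowed(ffmpeg_cmdline: str, allowed_roots: list[str]) -> list[str]:
    """Absolute paths in an ffmpeg argument list that are neither under the
    transcoding cache nor under a media library root. argv[0] (the ffmpeg
    binary) is skipped and a 'file:' prefix on inputs is stripped first."""
    roots = [r.rstrip("/") + "/" for r in allowed_roots]
    offending = []
    for tok in shlex.split(ffmpeg_cmdline)[1:]:
        path = tok[len("file:"):] if tok.startswith("file:") else tok
        if path.startswith("/") and not any(path.startswith(r) for r in roots):
            offending.append(path)
    return offending


# Constructed sample log lines (not from a real deployment).
SAMPLE_LOG = """\
10.0.0.5 - - [15/Apr/2025:12:00:01 +0000] "GET /Videos/0a1b2c3d/stream?static=true&mediaSourceId=0a1b2c3d HTTP/1.1" 200 1048576
10.0.0.9 - - [15/Apr/2025:12:00:07 +0000] "GET /Videos/0a1b2c3d/stream.mp4?videoCodec=h264&audioCodec=aac%20-y%20-f%20mp4 HTTP/1.1" 200 512
10.0.0.9 - - [15/Apr/2025:12:00:09 +0000] "GET /Audio/77aa88bb/stream.mp3?audioBitRate=-1 HTTP/1.1" 200 2048
10.0.0.9 - - [15/Apr/2025:12:00:10 +0000] "GET /Items/0a1b2c3d/Images/Primary?width=-y HTTP/1.1" 200 4096
"""

ALLOWED_ROOTS = ["/var/cache/jellyfin/transcodes", "/media"]   # assumed layout
# Constructed ffmpeg command lines as process telemetry would report them.
SAMPLE_CMDLINES = [
    "/usr/lib/jellyfin-ffmpeg/ffmpeg -i file:/media/movies/a.mkv -c:v h264 -f mpegts /var/cache/jellyfin/transcodes/abc.ts",
    "/usr/lib/jellyfin-ffmpeg/ffmpeg -i file:/media/movies/a.mkv -y /var/lib/jellyfin/plugins/Unknown/Unknown.dll",
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious request:", hit)
    for cmd in SAMPLE_CMDLINES:
        print("paths outside allowed roots:", paths_outside_allowed(cmd, ALLOWED_ROOTS))
```

Negative numeric values (audioBitRate=-1 in the sample) are deliberately not flagged, and requests outside the stream endpoints are ignored even when they carry a hyphenated value, which keeps the rule from paging on ordinary client traffic.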
Monitoring Recommendations
- Enable request logging on the reverse proxy in front of Jellyfin and forward the full request URI, including the query string, to a centralized log platform for query parameter analysis (some proxy log formats record only the path, which hides the injected values).
- Establish file integrity monitoring on the Jellyfin data and plugin directories to alert on unauthorized writes.
- Correlate authentication events with subsequent streaming endpoint access patterns to identify low-privileged accounts probing for itemId values.
How to Mitigate CVE-2025-31499
Immediate Actions Required
- Upgrade Jellyfin to version 10.10.7 or later, which contains the patch in commit 79f3ce53257c5291887cd52d8ac735b5252c9a97.
- If compromise is suspected, rotate credentials and API keys for all Jellyfin accounts and review the user list for unrecognized accounts.
- Inspect the plugin directory for unauthorized files and remove any plugin that was not installed through the official catalog.
Patch Information
The vulnerability is patched in Jellyfin version 10.10.7. Refer to the Jellyfin patch commit on GitHub and the GitHub Security Advisory GHSA-2c3c-r7gp-q32m for the full list of changes and parameter handling improvements.
Workarounds
- Restrict access to the Jellyfin server using a reverse proxy that blocks requests to the /Videos/ and /Audio/ streaming endpoints unless they carry a Jellyfin token. Note that some clients send the token as an api_key query parameter rather than in a header, so test playback from every client type after adding such a rule.
- Disable user registration and require administrator approval for new accounts to limit the pool of attackers who can retrieve a valid itemId.
- Run the Jellyfin service under a low-privileged user account and apply filesystem permissions that prevent writes to the plugin directory by the service user where feasible. Jellyfin writes to that directory itself when installing plugins from the catalog, so a read-only plugin directory also blocks legitimate plugin installs until the permission is temporarily relaxed.
# Verify the installed Jellyfin version and upgrade if below 10.10.7
dpkg-query -W -f='${Package} ${Version}\n' jellyfin jellyfin-server 2>/dev/null
# Debian/Ubuntu upgrade (jellyfin is a metapackage; jellyfin-server carries the fix)
sudo apt update && sudo apt install --only-upgrade jellyfin jellyfin-server jellyfin-web
# Docker upgrade: re-create the container with the same config, cache and media mounts,
# otherwise the new container starts with an empty configuration. The host paths
# below are placeholders; take the real ones from `docker inspect jellyfin`.
docker pull jellyfin/jellyfin:10.10.7
docker stop jellyfin && docker rm jellyfin
docker run -d --name jellyfin --restart unless-stopped \
  -p 8096:8096 \
  -v /srv/jellyfin/config:/config \
  -v /srv/jellyfin/cache:/cache \
  -v /srv/media:/media:ro \
  jellyfin/jellyfin:10.10.7
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


