How to fix CVE-2025-34101?

Within 24 hours: Identify and inventory all Serviio Media Server instances running versions 1.4-1.8 on Windows; isolate affected systems from production networks if possible, or restrict network access to port 23423. Within 7 days: Implement network-based mitigations (WAF rules, firewall rules blocking /rest/action endpoint, or disable port 23423 externally); monitor for exploitation attempts in access logs. Within 30 days: Upgrade to Serviio version 1.9 or later when available, or migrate to alternative media server solutions if no patch is released.

Is Command Injection affected by CVE-2025-34101?

Serviio Media Server versions 1.4-1.8 on Windows contain a critical unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands with web server privileges without any authentication.

CVE-2025-34101

EUVD-2025-21036 CRITICAL

2025-07-10 [email protected]

9.3

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21036

PoC Detected

Jul 15, 2025 - 13:14 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 20:15 nvd

CRITICAL 9.3

Description

An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.

Analysis

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/action API endpoint. The checkStreamUrl method passes the VIDEO parameter directly to cmd.exe without sanitization, enabling remote code execution on the media server.

Technical Context

The /rest/action endpoint's checkStreamUrl method accepts a VIDEO parameter and passes it unsanitized to cmd.exe for stream validation. An attacker can inject arbitrary Windows commands through this parameter. The console component listens on port 23423 by default.

Affected Products

['Serviio Media Server 1.4 through 1.8 (Windows)']

Remediation

Update Serviio to the latest version. Restrict console port access (23423) to localhost. Run Serviio as a limited user. Block external access to Serviio management ports.

Priority Score

120

Low Medium High Critical

KEV: 0

EPSS: +53.9

CVSS: +46

POC: +20

CVE-2025-34101 vulnerability details – vuln.today

Back

CVE-2025-34101

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-34101

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code