What is the CVSS score of CVE-2025-34101?

CVE-2025-34101 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. EPSS exploitation probability: 53.9%.

Which versions of Windows are affected by CVE-2025-34101?

Serviio Media Server versions 1.4-1.8 on Windows contain a critical unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands with web server privileges…

Is there a public PoC exploit available for CVE-2025-34101?

Yes, a public proof-of-concept exploit is available for CVE-2025-34101. Prioritise patching immediately. EPSS: 53.9%.

How to fix or mitigate CVE-2025-34101?

Within 24 hours: Identify and inventory all Serviio Media Server instances running versions 1.4-1.8 on Windows; isolate affected systems from production networks if possible, or restrict network access to port 23423. Within 7 days: Implement network-based mitigations (WAF rules, firewall rules blocking /rest/action endpoint, or disable port 23423 externally); monitor for exploitation attempts in access logs. Within 30 days: Upgrade to Serviio version 1.9 or later when available, or migrate to alternative media server solutions if no patch is released.

Windows CVE-2025-34101

EUVD-2025-21036 CRITICAL

Improper Input Validation (CWE-20)

2025-07-10 disclosure@vulncheck.com

Windows Command Injection Microsoft

9.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21036

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

PoC Detected

Jul 15, 2025 - 13:14 vuln.today

Public exploit code

CVE Published

Jul 10, 2025 - 20:15 nvd

CRITICAL 9.3

DescriptionNVD

An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.

AnalysisAI

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/action API endpoint. The checkStreamUrl method passes the VIDEO parameter directly to cmd.exe without sanitization, enabling remote code execution on the media server.

Technical ContextAI

The /rest/action endpoint's checkStreamUrl method accepts a VIDEO parameter and passes it unsanitized to cmd.exe for stream validation. An attacker can inject arbitrary Windows commands through this parameter. The console component listens on port 23423 by default.

RemediationAI

Update Serviio to the latest version. Restrict console port access (23423) to localhost. Run Serviio as a limited user. Block external access to Serviio management ports.

More from same product – last 7 days

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2026-42901 CRITICAL Monitor

10.0 May 22

Privilege escalation in Microsoft Entra ID enables remote unauthenticated attackers to bypass origin validation and gain

CVE-2025-34101 vulnerability details – vuln.today

Back

Windows CVE-2025-34101

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code