CVE-2025-34101P2CRITICALCVSS 9.3PoC≥ 1.4, ≤ 1.82025-07-10
CVE-2025-34101 [CRITICAL] CWE-20 CVE-2025-34101: An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 throu
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under
nvd