Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Media Server by Serviio

    CVE-2025-34101 (GCVE-0-2025-34101)

    Vulnerability from nvd – Published: 2025-07-10 19:11 – Updated: 2026-05-14 02:07
    VLAI
    Title
    Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
    Summary
    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Serviio Media Server Affected: 1.4 , ≤ 1.8 (custom)
    Create a notification for this product.
    Date Public
    2017-05-17 00:00
    Credits
    Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T20:25:00.205705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T20:25:09.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "REST API (/rest/action endpoint)",
                "checkStreamUrl method"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Media Server",
              "vendor": "Serviio",
              "versions": [
                {
                  "lessThanOrEqual": "1.8",
                  "status": "affected",
                  "version": "1.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:plex:media_server_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.8",
                      "versionStartIncluding": "1.4",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2017-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the \u003ccode\u003e/rest/action\u003c/code\u003e API endpoint exposed by the console component (default port 23423). The \u003ccode\u003echeckStreamUrl\u003c/code\u003e method accepts a \u003ccode\u003eVIDEO\u003c/code\u003e parameter that is passed unsanitized to a call to \u003ccode\u003ecmd.exe\u003c/code\u003e, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T02:07:38.931Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5408.php"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/142387"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://fortiguard.fortinet.com/encyclopedia/ips/44042"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/serviio_checkstreamurl_cmd_exec.rb"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vulncheck.com/advisories/serviio-media-server-unauthenticated-command-injection"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/42023"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34101",
        "datePublished": "2025-07-10T19:11:05.353Z",
        "dateReserved": "2025-04-15T19:15:22.556Z",
        "dateUpdated": "2026-05-14T02:07:38.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34101 (GCVE-0-2025-34101)

    Vulnerability from cvelistv5 – Published: 2025-07-10 19:11 – Updated: 2026-05-14 02:07
    VLAI
    Title
    Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
    Summary
    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Serviio Media Server Affected: 1.4 , ≤ 1.8 (custom)
    Create a notification for this product.
    Date Public
    2017-05-17 00:00
    Credits
    Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-10T20:25:00.205705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-10T20:25:09.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "REST API (/rest/action endpoint)",
                "checkStreamUrl method"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Media Server",
              "vendor": "Serviio",
              "versions": [
                {
                  "lessThanOrEqual": "1.8",
                  "status": "affected",
                  "version": "1.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:plex:media_server_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.8",
                      "versionStartIncluding": "1.4",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2017-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the \u003ccode\u003e/rest/action\u003c/code\u003e API endpoint exposed by the console component (default port 23423). The \u003ccode\u003echeckStreamUrl\u003c/code\u003e method accepts a \u003ccode\u003eVIDEO\u003c/code\u003e parameter that is passed unsanitized to a call to \u003ccode\u003ecmd.exe\u003c/code\u003e, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T02:07:38.931Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5408.php"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://packetstorm.news/files/id/142387"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://fortiguard.fortinet.com/encyclopedia/ips/44042"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/serviio_checkstreamurl_cmd_exec.rb"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vulncheck.com/advisories/serviio-media-server-unauthenticated-command-injection"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/42023"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34101",
        "datePublished": "2025-07-10T19:11:05.353Z",
        "dateReserved": "2025-04-15T19:15:22.556Z",
        "dateUpdated": "2026-05-14T02:07:38.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }