Browse all 5 CVE security advisories affecting Serviio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Serviio is a free media server that streams content to network-connected devices. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The application's web interface has been particularly susceptible to attacks, with multiple CVEs documented. While no major public security incidents have been widely reported, the consistent presence of vulnerabilities in its web components highlights the importance of regular updates and secure deployment practices. Users should implement network segmentation and access controls to mitigate potential risks associated with these historically common weakness classes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-20220 | Serviio PRO 1.8 Unauthenticated Password Change via REST API — Serviio PROCWE-306 | 7.5 | High | 2026-03-15 |
| CVE-2017-20219 | Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser — Serviio PROCWE-79 | 6.1 | Medium | 2026-03-15 |
| CVE-2017-20218 | Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path — Serviio PROCWE-428 | 7.8 | High | 2026-03-15 |
| CVE-2017-20217 | Serviio PRO 1.8 REST API Information Disclosure — Serviio PROCWE-306 | 7.5 | High | 2026-03-15 |
| CVE-2025-34101 | Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter — Media ServerCWE-78 | 9.8AI | CriticalAI | 2025-07-10 |
This page lists every published CVE security advisory associated with Serviio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.