Plex Media Server Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Plex Media Server Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Plex Media Server Firmware. Last year, in 2025 Media Server Firmware had 1 security vulnerability published. Right now, Media Server Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
It may take a day or so for new Media Server Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Plex Media Server Firmware Security Vulnerabilities
Serviio Media Server 1.4-1.8 CLI Injection via /rest/action (cmd.exe)
CVE-2025-34101
- July 10, 2025
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Plex Media Server Firmware or by Plex? Click the Watch button to subscribe.
