CVE-2025-69415

High CVSS: 7.1

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

Vendor

Plex

Product

Media Server

CWE

CWE-672

Yayın Tarihi

2026-01-02 17:16:23

Güncelleme

2026-02-27 15:27:18

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-672 Media Server HIGH Plex 2026

Referanslar

https://github.com/lufinkey/vulnerability-research/blob/main/CVE-2025-34158/README.md

Benzer Kayıtlar

Medium

CVE-2025-69416

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other toke…

Medium

CVE-2025-69417

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share toke…

High

CVE-2025-69414

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call wit…