CVE-2025-34158

Summary

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).

Affected Software

VendorProductVersion RangeStatus
PlexMedia Server1.41.7.x < 1.42.1affected

Weaknesses

  • CWE-669: CWE-669 Incorrect Resource Transfer Between Spheres

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References