CVE-2025-69415

Summary

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

Affected Software

VendorProductVersion RangeStatus
PlexMedia Server0 <= 1.42.2.10156affected

Weaknesses

  • CWE-672: CWE-672 Operation on a Resource after Expiration or Release

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References