PT-2025-34216 · Plex · Plex Media Server
Luis Finke · Published 2025-08-21 · Updated 2025-08-31 · CVE-2025-34158
CVSS v3.1: 8.5 (High)
Base vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
**Name of the Vulnerable Software and Affected Versions:**
Plex Media Server versions 1.41.7.x through 1.42.0.x
**Description:**
Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported through Plex’s bug bounty program. Over 300,000 instances remain vulnerable to remote exploitation. The vulnerability has a maximum CVSS score, indicating a critical severity.
**Recommendations:**
Update Plex Media Server to version 1.42.1.10060+ to resolve this issue.
Exploit · Fix · RCE
Related Identifiers
CVE-2025-34158
Affected Products
Plex Media Server
References · 39
- 🔥 https://github.com/lufinkey/vulnerability-research/tree/main/CVE-2025-34158 · Exploit
- https://forums.plex.tv/t/plex-media-server-security-update/928341 · Patch, Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-34158 · Security Note
- https://plex.tv/media-server-downloads · Patch
- https://twitter.com/VulmonFeeds/status/1958558087104589861 · Twitter Post
- https://twitter.com/HunterMapping/status/1958815568514998321 · Twitter Post
- https://reddit.com/r/TechNadu/comments/1n2cuad/300k_plex_media_servers_still_vulnerable_to · Reddit Post
- https://twitter.com/TheCyberSecHub/status/1960714454724960488 · Twitter Post
- https://runzero.com/blog/plex · Note
- https://twitter.com/TweetThreatNews/status/1961110736135929920 · Twitter Post
- https://twitter.com/CVEnew/status/1958533636132843554 · Twitter Post
- https://t.me/CVEtracker/31090 · Telegram Post
- https://twitter.com/samilaiho/status/1961358784527204689 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1myrps8/top_10_trending_cves_24082025 · Reddit Post
- https://t.me/cveNotify/133798 · Telegram Post