PT-2026-1106 · Plex · Plex Media Server
Published: 2026-01-02 · Updated: 2026-05-21 · CVE-2025-69414
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Plex Media Server versions through 1.42.2.10156
Description
Plex Media Server (PMS) allows retrieval of a permanent access token via a call to the /myplex/account API endpoint when using a transient access token. A caller holding only a transient access token can therefore acquire a permanent access token, which is not intended.
Recommendations
Update Plex Media Server to a version later than 1.42.2.10156.
Exploit
Fix
Incorrect Authorization
Affected Products
Plex Media Server