PT-2026-1109 · Plex · Plex Media Server
Published
2026-01-02
·
Updated
2026-02-27
·
CVE-2025-69415
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plex Media Server versions prior to 1.42.2.10157
Description
Plex Media Server (PMS) has an issue where access to the
/myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could allow unauthorized access.Recommendations
Update Plex Media Server to version 1.42.2.10157 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Plex Media Server