CVE-2025-34158

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.

Configurations

No configuration.

History

28 Aug 2025, 05:15

Type: CVSS
Values Removed: v2 : unknown, v3 : 6.4
Values Added: v2 : unknown, v3 : 8.5

28 Aug 2025, 03:15

Type: CVSS
Values Removed: v2 : unknown, v3 : 7.2
Values Added: v2 : unknown, v3 : 6.4

28 Aug 2025, 00:15

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 7.2

Type: Summary
Values Removed: (en) Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may pose a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.
Values Added: (en) Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.

Type: CWE
Values Removed: CWE-20
Values Added: CWE-669

Type: References
Values Added: https://github.com/lufinkey/vulnerability-research/tree/main/CVE-2025-34158

Type: References
Values Removed: https://forums.plex.tv/t/plex-media-server-security-update/928341
Values Added: https://forums.plex.tv/t/plex-media-server-security-update/928341

Type: References
Values Removed: https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/
Values Added: https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/

Type: References
Values Removed: https://www.plex.tv/media-server-downloads/
Values Added: https://www.plex.tv/media-server-downloads/

Type: References
Values Removed: https://www.runzero.com/blog/plex/
Values Added: https://www.runzero.com/blog/plex/

Type: References
Values Removed: https://www.tenable.com/plugins/nessus/250294
Values Added: https://www.tenable.com/plugins/nessus/250294

Type: References
Values Removed: https://www.vulncheck.com/advisories/plex-media-server-unspecified
Values Added: https://www.vulncheck.com/advisories/plex-media-server-unspecified

22 Aug 2025, 18:09

Type: Summary
Values Added: (es) Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported through Plex's bug bounty program. While technical details have not been publicly disclosed, the vendor acknowledged the issue and resolved it in version 1.42.1. This vulnerability may pose a risk to system integrity, confidentiality, or availability, so all users are strongly recommended to upgrade immediately.

21 Aug 2025, 16:15

Type: References
Values Added: https://www.vulncheck.com/advisories/plex-media-server-unspecified

Type: Summary
Values Removed: (en) Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may have posed a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.
Values Added: (en) Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may pose a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.

21 Aug 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-21 14:15

Updated : 2025-08-28 05:15


NVD link : CVE-2025-34158

Mitre link : CVE-2025-34158

CVE.ORG link : CVE-2025-34158


Products Affected

No product.

CWE
CWE-669

Incorrect Resource Transfer Between Spheres