Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Plex
  • Plex Media Server

No data.

No data.

References
Link Providers
https://forums.plex.tv/t/plex-media-server-security-update/928341 cve-icon cve-icon
https://github.com/lufinkey/vulnerability-research/tree/main/CVE-2025-34158 cve-icon cve-icon
https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/ cve-icon cve-icon
https://www.plex.tv/media-server-downloads/ cve-icon cve-icon
https://www.runzero.com/blog/plex/ cve-icon cve-icon
https://www.tenable.com/plugins/nessus/250294 cve-icon cve-icon
https://www.vulncheck.com/advisories/plex-media-server-unspecified cve-icon cve-icon
History

Thu, 28 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 Aug 2025 04:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}

Thu, 28 Aug 2025 03:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Thu, 28 Aug 2025 00:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV4_0

{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Thu, 28 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
Title Plex Media Server (PMS) 1.41.7.x - 1.42.0.x Unspecified Vulnerabiliity

Thu, 28 Aug 2025 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-669
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

 cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Wed, 27 Aug 2025 23:45:00 +0000

Type Values Removed Values Added
Description Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may pose a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately. Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.
References

Sat, 23 Aug 2025 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Plex
Plex plex Media Server
Vendors & Products Plex
Plex plex Media Server

Thu, 21 Aug 2025 15:30:00 +0000

Type Values Removed Values Added
Description Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may have posed a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately. Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may pose a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.
References

Thu, 21 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 Aug 2025 14:00:00 +0000

Type Values Removed Values Added
Description Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may have posed a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.
Title Plex Media Server (PMS) 1.41.7.x - 1.42.0.x Unspecified Vulnerabiliity
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-08-21T13:43:30.032Z

Updated: 2025-08-28T19:18:55.994Z

Reserved: 2025-04-15T19:15:22.565Z

Link: CVE-2025-34158

cve-icon Vulnrichment

Updated: 2025-08-21T14:03:25.443Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-21T14:15:39.970

Modified: 2025-08-28T05:15:32.150

Link: CVE-2025-34158

cve-icon Redhat

No data.