CVE-2025-34158

Published Aug 21, 2025

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-34158 is an unspecified security vulnerability affecting Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x. The vulnerability was reported through Plex's bug bounty program and has been addressed in version 1.42.1. While the technical details of the vulnerability have not been publicly disclosed, Plex has stated that it could potentially compromise system integrity, confidentiality, or availability. Users of the affected versions are strongly encouraged to update to version 1.42.1 as soon as possible.

Description: Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technical details have not been publicly disclosed, the issue was acknowledged by the vendor and resolved in version 1.42.1. The vulnerability may pose a risk to system integrity, confidentiality, or availability, prompting a strong recommendation for all users to upgrade immediately.
Source: disclosure@vulncheck.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 10
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

disclosure@vulncheck.com: CWE-20

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 7

References