CVE-2025-34158

Published Aug 21, 2025

Last updated 2 months ago

Overview

Description
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.5
Impact score: 4.7
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Severity: HIGH

Weaknesses

cve@mitre.org
CWE-669

Social media

Hype score
Not currently trending
  1. #VulnerabilityReport #CVE202534158 CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now https://t.co/KNJ28MQ7oe

    @Komodosec

    27 Sept 2025


  2. More than 300,000 Plex Media Servers are still vulnerable to CVE-2025-34158, a remote code execution flaw that needs no authentication. Patch now to the latest version to protect your data. #CyberSecurity #Plex #PatchNow https://t.co/P1Nu4pJRAH

    @mxm_mainsecure

    4 Sept 2025


  3. More than 300,000 Plex Media Servers are still vulnerable to CVE-2025-34158, a remote code execution flaw that needs no authentication. Patch now to the latest version to protect your data. #CyberSecurity #Plex #PatchNow https://t.co/VRME4NIBWs

    @Prevent_Cyber

    3 Sept 2025


  4. There is critical news for Plex Media Server users! More than 300,000 servers are vulnerable to the CVE-2025-34158 flaw. If you have not updated to version 1.42.1, you may be at risk. Have you applied your updates? #Plex #Güvenlik #Plex_Güvenl

    @Siber_Kalkan_

    31 Aug 2025


  5. More than 300,000 internet-facing Plex servers are still vulnerable to compromise via the CVE-2025-34158 vulnerability. This critical vulnerability was fixed in version 1.42.1. If you have not updated your server, you are at risk of losing

    @Cybereayn

    31 Aug 2025


  6. 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 https://t.co/tuPPgsYkrt https://t.co/wV5RqVPU3g

    @secharvesterx

    30 Aug 2025


  7. Massive vulnerabilities hit Plex (CVE-2025-34158) and Citrix (28,200+ RCE targets); FreePBX zero-day patched amid ongoing exploits. Nation-state Salt Typhoon campaigns impact Cisco, Ivanti, Palo Alto devices. #FreePBX #DataBreach #USA https://t.co/RByE6c0Qqm

    @TweetThreatNews

    29 Aug 2025


  8. ⚠️ 300k+ @plex servers still vulnerable to CVE-2025-34158. -Max CVSS rating -Remote unauth exploit -Full compromise possible Plex urges users to patch → v1.42.1.10060+. Why do so many delay updates, even with risks this high? 🤔 💬 Reply & Follow @Technadu for upd

    @TechNadu

    28 Aug 2025


  9. Over 300,000 Plex Media Server installations remain susceptible to exploitation due to CVE-2025-34158. https://t.co/DWrafsJFOA

    @DemolisherDigi

    28 Aug 2025


  10. 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 https://t.co/bkcA0mutQD #HelpNetSecurity #Cybersecurity https://t.co/EPNfNIsgyv

    @PoseidonTPA

    27 Aug 2025


  11. 300k+ #Plex Media #Server instances still vulnerable to attack via #CVE-2025-34158 https://t.co/hEuN3kHuYV

    @ScyScan

    27 Aug 2025


  12. 🚨Alert🚨 CVE-2025-34158 (CVSS 10) : An Unspecified Security Vulnerability in Plex Media Server (PMS) Has Been Reported Via Plex’s Bug Bounty Program. 📊7.3M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/L4J5cJGUUJ 👇Query HUNTE

    @HunterMapping

    22 Aug 2025


  13. CVE-2025-34158 Plex Media Server (PMS) versions 1.41.7.x through 1.42.0.x are affected by an unspecified security vulnerability reported via Plex’s bug bounty program. While technic… https://t.co/GgQSoCsBSb

    @CVEnew

    21 Aug 2025


  14. [CVE-2025-34158: CRITICAL] Security alert: Plex Media Server versions 1.41.7.x-1.42.0.x had a critical vulnerability, now fixed in 1.42.1. Users urged to update to protect system from potential risks.#cve,CVE-2025-34158,#cybersecurity https://t.co/ZCPyg51jU9 https://t.co/Qv23FDSm

    @CveFindCom

    21 Aug 2025
