- Description
- Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- media_server
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 4.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- cve@mitre.org
- CWE-863
- Hype score
- Not currently trending
CVE-2025-69414 - Supply chain attack in Plex. Token theft via /myplex/account. CVSS 8.5. Unpatched. Disable Plex access until fix. #CVE #Plex #infosec #cybersecurity #DevSecOps #sysadmin #linux #developers More: https://t.co/BJC8vl6TqR
@HugoValters
21 May 2026
299 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-69414 Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token. https://t.co/5ltKsBDA8Z
@CVEnew
2 Jan 2026
320 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-69414: HIGH] Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.#cve,CVE-2025-69414,#cybersecurity https://t.co/dwXGqRp96T https://t.co/30f9CMtQ04
@CveFindCom
2 Jan 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-69414 - High Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token. https://t.co/b5BibWYgYx https://t.co/pSmUppuM1L
@TheHackerWire
2 Jan 2026
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:plex:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4BA6A5-E87A-497B-85EE-F2EEA90B8740",
"versionEndIncluding": "1.42.2.10156",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]