CVE-2025-34158
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-28
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| plex | media_server | 1.42.0 |
| plex | media_server | 1.42.1 |
| plex | media_server | 1.41.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-669 | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Plex Media Server versions 1.41.7.x through 1.42.0.x. Although specific technical details have not been publicly disclosed, it is a serious security issue acknowledged by the vendor and fixed in version 1.42.1. The vulnerability may impact system integrity, confidentiality, or availability.
How can this vulnerability impact me? :
The vulnerability could compromise the integrity, confidentiality, or availability of the affected system, potentially allowing unauthorized access or disruption of service. Due to its high severity (CVSS 10.0), it poses a critical risk to users if not patched.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Plex Media Server to version 1.42.1 or later, as this version contains the fix for the issue.