CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69415

In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.5%

CVSS Severity

CVSS v3 Score 7.1

References

https://github.com/lufinkey/vulnerability-research/blob/main/CVE-2025-34158/README.md

Products affected by CVE-2025-69415

Plex » Media Server » Version: N/A

cpe:2.3:a:plex:media_server:-
Plex » Media Server » Version: 0.9.9.2

cpe:2.3:a:plex:media_server:0.9.9.2
Plex » Media Server » Version: 1.13.2.5154

cpe:2.3:a:plex:media_server:1.13.2.5154
Plex » Media Server » Version: 1.18.2.2029

cpe:2.3:a:plex:media_server:1.18.2.2029
Plex » Media Server » Version: 1.18.2.2029-36236cc4c

cpe:2.3:a:plex:media_server:1.18.2.2029-36236cc4c
Plex » Media Server » Version: 1.19.1.2701

cpe:2.3:a:plex:media_server:1.19.1.2701
Plex » Media Server » Version: 1.19.3

cpe:2.3:a:plex:media_server:1.19.3
Plex » Media Server » Version: 1.21

cpe:2.3:a:plex:media_server:1.21
Plex » Media Server » Version: 1.24.4.5081

cpe:2.3:a:plex:media_server:1.24.4.5081
Plex » Media Server » Version: 1.25.0.5282

cpe:2.3:a:plex:media_server:1.25.0.5282
Plex » Media Server » Version: 1.42.2.10156

cpe:2.3:a:plex:media_server:1.42.2.10156

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69415

Products

Pricing

Contact Us