CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69416

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.3%

CVSS Severity

CVSS v3 Score 5.0

References

https://github.com/lufinkey/vulnerability-research/blob/main/CVE-2025-34158/README.md

Products affected by CVE-2025-69416

Plex » Media Server » Version: N/A

cpe:2.3:a:plex:media_server:-
Plex » Media Server » Version: 0.9.9.2

cpe:2.3:a:plex:media_server:0.9.9.2
Plex » Media Server » Version: 1.13.2.5154

cpe:2.3:a:plex:media_server:1.13.2.5154
Plex » Media Server » Version: 1.18.2.2029

cpe:2.3:a:plex:media_server:1.18.2.2029
Plex » Media Server » Version: 1.18.2.2029-36236cc4c

cpe:2.3:a:plex:media_server:1.18.2.2029-36236cc4c
Plex » Media Server » Version: 1.19.1.2701

cpe:2.3:a:plex:media_server:1.19.1.2701
Plex » Media Server » Version: 1.19.3

cpe:2.3:a:plex:media_server:1.19.3
Plex » Media Server » Version: 1.21

cpe:2.3:a:plex:media_server:1.21
Plex » Media Server » Version: 1.24.4.5081

cpe:2.3:a:plex:media_server:1.24.4.5081
Plex » Media Server » Version: 1.25.0.5282

cpe:2.3:a:plex:media_server:1.25.0.5282
Plex » Media Server » Version: 1.42.2.10156

cpe:2.3:a:plex:media_server:1.42.2.10156

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-69416

Products

Pricing

Contact Us