CVE-2025-34158 | THREATINT

Description

Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres.

PUBLISHED Reserved 2025-04-15 | Published 2025-08-21 | Updated 2025-08-28 | Assigner mitre

HIGH: 8.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-669 Incorrect Resource Transfer Between Spheres

Product status

Default status

unaffected

1.41.7.x before 1.42.1

affected

Credits

Luis Finke finder

References

www.plex.tv/media-server-downloads/

forums.plex.tv/t/plex-media-server-security-update/928341

www.bleepingcomputer.com/...urity-vulnerability-immediately/

www.runzero.com/blog/plex/

www.tenable.com/plugins/nessus/250294

www.vulncheck.com/advisories/plex-media-server-unspecified

github.com/...ulnerability-research/tree/main/CVE-2025-34158

cve.org (CVE-2025-34158)

nvd.nist.gov (CVE-2025-34158)

Download JSON

help @ threatint.eu