CVE-2025-69414

Description

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

PUBLISHED Reserved 2026-01-02 | Published 2026-01-02 | Updated 2026-01-02 | Assigner mitre

Problem types

CWE-863 Incorrect Authorization

Product status

References

github.com/...ty-research/blob/main/CVE-2025-34158/README.md

cve.org (CVE-2025-69414)

nvd.nist.gov (CVE-2025-69414)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.