CVE-2025-34158 is a vulnerability in Plex Media Server
Published on August 21, 2025
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).
Weakness Type
Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Products Associated with CVE-2025-34158
Want to know whenever a new CVE is published for Plex Media Server? stack.watch will email you.
Affected Versions
Plex Media Server:- Version 1.41.7.x and below 1.42.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.