See Also - Plex warns users to patch security vulnerability immediately
August 27, 2025 By Zeljka Zorz
Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned.
About CVE-2025-34158
Plex Media Server (PMS) is software that allows users to turn their Windows/Linux/macOS computer or their network-attached storage devices into a personal media server. It organizes their movies, music, photos, and other media and enables them to stream the content on nearly any device.
CVE-2025-34158 is an improper input validation vulnerability that affects PMS versions 1.41.7.x to 1.42.0.x, and has been fixed in version 1.42.1.
The flaw’s CVSS score is the highest possible, and tells us that it can be exploited remotely over the internet, without user interaction or attackers having to authenticate first.
