CVE-2025-69417

Published January 2nd, 2026

View on NVD ↗

CVSS v3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.

lufinkey/vulnerability-research

Collection of CVEs that i've discovered

GitHub