Over 300,000 Plex Media Server instances remain vulnerable to CVE-2025-34158, a critical remotely exploitable vulnerability, despite a recent security patch. Many users have not yet upgraded, leaving their systems at risk of data breaches, corruption, or server crashes. #CVE2025-34158 #PlexMediaServer
Key points
- The vulnerability affects Plex Media Server versions 1.41.7.x to 1.42.0.x and can be exploited remotely without user interaction.
- Plex issued a security update in version 1.42.1.10060 to address the flaw, but many users have not upgraded yet.
- Over 428,000 devices are exposing their Plex web interface to the internet, according to Censys.
- The flaw's high CVSS score indicates it can lead to complete data loss and system compromise.
- Past incidents show that Plex vulnerabilities can be exploited as attack entry points, such as in the LastPass breach of August 2022.
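An added example (not from Plex or the original article) that triages a server inventory against the version ranges stated above. The version string format with a build suffix, the status labels and the sample hosts are assumptions; builds the page does not cover are flagged for manual verification instead of being guessed.

```python
import re

# Ranges taken from the page: 1.41.7.x to 1.42.0.x affected, fixed in 1.42.1.10060.
AFFECTED_MIN = (1, 41, 7)
AFFECTED_MAX = (1, 42, 0)
FIXED = (1, 42, 1, 10060)

# Assumed format: four dotted numbers, optional "-<build hash>" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z]+)?$")

def parse_version(text):
    """Return (major, minor, patch, build) or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Map a version string to 'affected', 'fixed', 'below-range', 'verify' or 'unparsed'."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    if v >= FIXED:
        return "fixed"
    if AFFECTED_MIN <= v[:3] <= AFFECTED_MAX:
        return "affected"
    if v[:3] < AFFECTED_MIN:
        return "below-range"  # older than the range the page lists; not covered by it
    return "verify"  # e.g. a 1.42.1 build below 10060: the page does not say

def triage(inventory):
    """inventory: {host: version string}. Returns {status: sorted list of hosts}."""
    out = {}
    for host, version in inventory.items():
        out.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in out.items()}

# Constructed sample inventory (hostnames and build suffixes are made up).
SAMPLE = {
    "media-01": "1.41.7.9823-abc123def",
    "media-02": "1.42.0.9975-abc123def",
    "media-03": "1.42.1.10060-abc123def",
    "media-04": "1.40.2.8395-abc123def",
    "media-05": "1.42.1.10054-abc123def",
    "media-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```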
Read More: https://www.helpnetsecurity.com/2025/08/27/plex-media-server-cve-2025-34158-attack/