CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

CVE-2025-69414

Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

CVE-2025-69414

Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

CVE-2025-69414

Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

CVE-2025-69415

In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...

CVE-2025-69415

CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server

CVE-2025-69414

Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

CVE-2025-69414

Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...

CVE-2025-69414

Plex Media Server (PMS) shows token leakage vulnerabilities across multiple CVEs. Specifically, CVE-2025-69414 (PMS up to 1.42.2.10156) allows retrieval of a permanent access token via /myplex/account using a transient token. OpenVAS notes PMS

PT-2026-1106

Name of the Vulnerable Software and Affected Versions Plex Media Server versions through 1.42.2.10156 Description Plex Media Server PMS allows retrieval of a permanent access token via a /myplex/account call when using a transient access token. The API endpoint /myplex/account is involved in this...

Plex media server 安全漏洞

Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...