Security Advisory

CVE-2025-69416

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-02 16:52:56

Last updated 2026-01-02 21:03:41

Assigner mitre

State PUBLISHED

Description

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.

← Browse all CVEs View on cve.org ↗