CVE-2025-69417

Publication date

2026-01-02 16:55:18

Family

mitre

State

PUBLISHED

Description

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.