vulnerability
FreeBSD: VID-98f78c7a-a08e-11ed-946e-002b67dfc673 (CVE-2021-42835): Plex Media Server -- security vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Jan 30, 2023 | Jan 31, 2023 | Dec 10, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Jan 30, 2023
Added
Jan 31, 2023
Modified
Dec 10, 2025
Description
Plex Security Team reports: We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine. Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.
Solutions
freebsd-upgrade-package-plexmediaserverfreebsd-upgrade-package-plexmediaserver-plexpass
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.