Ethical Hacking News
A new security vulnerability has been discovered in Plex Media Server software, prompting the company to urge its users to update their software immediately. The vulnerability affects versions 1.41.7.x to 1.42.0.x of the media server software and can be exploited by threat actors to gain unauthorized access to systems. Users are advised to patch their software as soon as possible in order to prevent potential threats from exploiting this vulnerability.
Plex Media Server users are urged to patch a newly discovered security vulnerability in versions 1.41.7.x to 1.42.0.x. The vulnerability allows for remote code execution (RCE) and has been actively exploited in attacks by threat actors. The updated version, 1.42.1.10060, can be downloaded from the server management page or official downloads page. Plex is emailing customers about securing their systems against this specific vulnerability, unlike other companies that often rely on patch notes and system updates.
Plex Media Server users are being urged by the company's administrators to patch a newly discovered security vulnerability as soon as possible. The vulnerability, which affects versions 1.41.7.x to 1.42.0.x of the media server software, was recently identified and patched by Plex.
In an email sent out on Thursday, August 15, 2025, to users whose media servers are running affected versions, Plex notified them that there is a potential security issue affecting their Plex Media Server software. The company stated that it received a report via its bug bounty program about the vulnerability and was able to address the issue by releasing an updated version of the server.
According to Plex, the updated version, 1.42.1.10060, can be downloaded from the server management page or the official downloads page. The company advised users to update their software as soon as possible in order to prevent potential threats from exploiting the vulnerability.
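The version range above can be turned into a quick inventory check. The following is an added example, not code from Plex or from this article; the host names, build numbers and build hashes in the sample inventory are constructed, and the "four numeric fields plus optional hex suffix" version format is an assumption about how servers report their version.

```python
import re

# Values taken from the article: affected 1.41.7.x to 1.42.0.x, fixed in 1.42.1.10060.
FIRST_AFFECTED = (1, 41, 7)
LAST_AFFECTED = (1, 42, 0)
FIXED = (1, 42, 1, 10060)

# Four numeric fields, optionally followed by "-<hex build hash>" (assumed format).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9a-fA-F]+)?$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if unparseable."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map a reported version string to affected / fixed / unlisted / unknown."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # fail closed: an unreadable version is not "safe"
    if FIRST_AFFECTED <= version[:3] <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED:
        return "fixed"
    return "unlisted"  # outside the range the article gives; check the vendor advisory


def needs_attention(inventory):
    """Return sorted host names whose servers are affected or could not be classified."""
    return sorted(h for h, v in inventory.items() if classify(v) in ("affected", "unknown"))


# Constructed sample inventory (host names, build numbers and hashes are made up).
SAMPLE_INVENTORY = {
    "media-01": "1.41.7.9799-5bce000f7",
    "media-02": "1.42.0.10049-ab12cd34e",
    "media-03": "1.42.1.10060-4e8b05daf",
    "media-04": "1.40.4.8679-424562606",
    "media-05": "not reported",
}

if __name__ == "__main__":
    for host, reported in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host}: {reported} -> {classify(reported)}")
    print("update or investigate:", needs_attention(SAMPLE_INVENTORY))
```

Hosts classified as "unknown" are listed alongside affected ones so that a server that fails to report its version is not silently treated as patched.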
While Plex has experienced its share of critical and high-severity security flaws over the years, this is one of the few instances where the company has emailed customers about securing their systems against a specific vulnerability. This is a stark contrast to other companies that often rely on patch notes and system updates to alert users to potential vulnerabilities.
One notable example of a recent Plex security incident occurred in August 2022 when an attacker gained access to a database containing emails, usernames, and encrypted passwords for LastPass users. The company subsequently notified users to reset their passwords as a precautionary measure.
The same month that the data breach at LastPass occurred, Plex also issued a warning about another potential security vulnerability in its software. However, unlike this recent incident, no further information was provided regarding the specific nature of the vulnerability or how it could be exploited.
To put the severity of this particular security flaw into perspective, experts have noted that remote code execution (RCE) vulnerabilities can be particularly nasty because they allow attackers to execute malicious code on a system. Successful exploitation of an RCE vulnerability can result in serious consequences for users, including compromised systems and sensitive data theft.
It is worth noting that the Cybersecurity and Infrastructure Security Agency (CISA) has tagged this particular RCE flaw as actively exploited in attacks. The fact that a threat actor was able to exploit this vulnerability just four days after it was patched by Plex highlights the importance of keeping software up to date and taking proactive steps to secure systems.
Overall, the recent discovery of this security vulnerability in Plex Media Server software is a stark reminder of the ongoing need for users to prioritize cybersecurity. By patching the software as soon as possible, users can prevent potential threats from exploiting the vulnerability and ensure that their systems remain safe and secure.
Related Information:
https://www.ethicalhackingnews.com/articles/Plex-Urges-Users-to-Patch-Security-Vulnerability-Immediately-Amidst-Wider-Cybersecurity-Concerns-ehn.shtml
https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/
Published: Fri Aug 15 06:49:45 2025 by llama3.2 3B Q4_K_M