A high-severity vulnerability has been discovered in multiple products from the vendor Media, which could allow an unauthenticated attacker to gain unauthorized access to the system. Successful exploitation could lead to the exposure of sensitive configuration data and user information, potentially enabling further compromise of the network. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this risk.

The vulnerability exists due to an improper access control mechanism within the Plex Media Server (PMS) software. A specific API endpoint fails to properly validate user authentication and authorization, allowing a remote, unauthenticated attacker to send a specially crafted HTTP request to bypass security controls. Successful exploitation grants the attacker access to sensitive server information, including configuration files, media library metadata, and potentially user authentication tokens, which could be leveraged to escalate privileges.

This vulnerability is rated as High severity with a CVSS score of 7.1. Exploitation could lead to significant business consequences, including a breach of sensitive corporate or personal data stored on the media server. Unauthorized access to configuration files may expose credentials for other integrated systems, creating a pathway for lateral movement within the network. The potential for data exfiltration and account takeovers poses a direct risk to confidentiality and could result in reputational damage, regulatory fines, and a loss of customer trust.

Immediate Action: Organizations must prioritize the deployment of security patches provided by the vendor across all affected systems. In addition to patching, system administrators should actively monitor for signs of exploitation by thoroughly reviewing system and application access logs for any unusual or unauthorized activity originating from untrusted sources.

Proactive Monitoring: Security teams should configure monitoring and alerting for anomalous HTTP requests targeting the affected server endpoints. Specifically, look for unusual traffic patterns or direct access attempts to administrative APIs from external, untrusted IP addresses. Review application logs for unauthorized access to media libraries or configuration settings that deviate from established baselines.

Compensating Controls: If immediate patching is not feasible, restrict network access to the affected media servers. Ensure the server is placed behind a firewall and that access is limited to trusted, internal IP addresses only. Consider implementing a Web Application Firewall (WAF) with specific rules designed to inspect and block malicious requests targeting the vulnerable API endpoint.

Public Exploit Available: false

This is a high-severity vulnerability that permits a remote, unauthenticated attacker to access sensitive information. Due to the CVSS score of 7.1 and the critical nature of the flaw, immediate patching is strongly recommended. Although this vulnerability is not currently listed on the CISA KEV catalog, its severity warrants urgent attention. Organizations should treat this as a critical priority and apply the vendor-supplied patches without delay to prevent potential exploitation and protect sensitive corporate and user data.