Over 300,000 Plex Servers Remain Vulnerable to Critical Exploit (CVE-2025-34158)
Despite Plex warning users and sending urgent emails, more than 300,000 Plex Media Servers are still running vulnerable versions of the software, exposing owners to serious cyberattacks.
A Widespread Security Risk
Security researchers at Censys revealed that out of 428,083 Plex servers exposed online last week, 314,000 remain unpatched. This means only around 100,000 servers have applied the latest update, a worryingly low adoption rate.
The flaw, now tracked as CVE-2025-34158, has been rated with a CVSS score of 10.0, the maximum severity level. Such vulnerabilities are considered “critical” because they:
- Can be exploited remotely over the internet.
- Require no authentication or user interaction.
- Allow attackers to gain full control of the affected server.
What Attackers Could Do
If exploited, the vulnerability could result in a total compromise of the Plex server. Attackers might:
- Access or steal private media libraries.
- Modify or delete files.
- Disable or destroy the entire Plex server.
While Plex initially withheld details to prevent abuse, enough information is now public to make unpatched servers a prime target for hackers.
Why This Matters Beyond Plex
Plex servers are widely used for personal and small business media streaming. Leaving them unpatched could also provide attackers with a gateway into larger networks.
A notable example occurred during the LastPass breach in 2022, when attackers exploited an older Plex vulnerability (CVE-2020-5741) on an employee’s home server to gain access to corporate systems.
No Public Exploit Yet, But Time Is Running Out
For now, there’s no public proof-of-concept (PoC) exploit available, which has bought users some time. But with so many vulnerable servers still online, security experts warn that it’s only a matter of time before attackers weaponize this flaw.
What Plex Users Should Do Now
If you’re running a Plex Media Server, the solution is simple: update immediately.
- Open Plex Media Server settings.
- Check for updates.
- Install the latest version.
Even if you missed the patch when it was released two weeks ago, updating now is critical.
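To confirm that the update actually took effect on a server you run, the added example below (not Plex's code and not part of the original article) reads the version the server reports and compares it numerically against the patched release. It assumes the server's `/identity` endpoint on port 32400 returns a `MediaContainer` element with a `version` attribute; this article does not state the patched version, so `fixed_version` is a placeholder to fill in from Plex's advisory, and the sample XML is constructed.

```python
import re
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of an /identity response; all values are made up.
SAMPLE_IDENTITY = (
    '<MediaContainer size="0" machineIdentifier="0000example" '
    'version="1.2.3.4567-abcdef012"/>'
)

def parse_version(text):
    """'1.2.3.4567-abcdef012' -> (1, 2, 3, 4567); the build hash is ignored."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Plex version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def version_from_identity(xml_text):
    """Return the version attribute of an /identity XML document."""
    root = ET.fromstring(xml_text)
    version = root.get("version")
    if root.tag != "MediaContainer" or not version:
        raise ValueError("response does not look like a Plex /identity document")
    return version

def is_patched(xml_text, fixed_version):
    """True when the reported version is at or above fixed_version.

    Components are compared as integers, so 1.2.10.0 sorts above 1.2.3.4567
    (a plain string comparison would get that wrong).
    """
    reported = parse_version(version_from_identity(xml_text))
    return reported >= parse_version(fixed_version)

def fetch_identity(base_url, timeout=5):
    """Fetch /identity from a server you administer, e.g. http://127.0.0.1:32400."""
    url = base_url.rstrip("/") + "/identity"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")

if __name__ == "__main__":
    # Placeholder: replace with the patched release named in Plex's advisory.
    fixed_version = "0.0.0.0"
    xml_text = SAMPLE_IDENTITY  # or fetch_identity("http://127.0.0.1:32400")
    state = "patched" if is_patched(xml_text, fixed_version) else "NEEDS UPDATE"
    print(version_from_identity(xml_text), state)
```

A server that still reports an older version after the update steps has not restarted onto the new build and should be checked again.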
Final Thoughts
Leaving your Plex server unpatched puts your personal data, and potentially your wider network, at risk. With over 300,000 vulnerable servers still online, attackers have a massive pool of targets.
👉 If you haven’t updated yet, do it today. Security flaws like CVE-2025-34158 won’t stay quiet forever.