CVE ID
CVE-2020-5741
Vulnerability Name
Plex Media Server Remote Code Execution Vulnerability
- Project: Plex
- Product: Media Server
Date
- Date Added: 2023-03-10
- Due Date: 2023-03-31
Description
Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741
Related Security News
- 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
- Plex warns users to patch security vulnerability immediately
Top comments (0)