CVE-2020-5741β€”Plex Media Server Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2023-03-10 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2020-5741
Project:
Plex
Product:
Media Server
Date Added:
2023-03-10
Due Date:
2023-03-31
Last Updated:
June 21, 2025

Vulnerability Name

Plex Media Server Remote Code Execution Vulnerability

Description

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses