CyberSec.Space Logo
Back to CVE Browser

CVE-2020-5741

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score91.7460%
EPSS Percentile86.41th
PublishedMay 8, 2020
Last ModifiedOct 31, 2025

Vulnerability Description

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.

Affected Platforms (CPE)

πŸ“¦
Plex

Media Server

< 1.19.3

References & Advisories

πŸ”— http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html
πŸ”— https://www.tenable.com/security/research/tra-2020-32
πŸ”— http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html
πŸ”— https://www.tenable.com/security/research/tra-2020-32
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-5741

Related Vulnerabilities

CVE-2019-1665010.0

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same ...

CVE-2005-261110.0

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare M...

CVE-2019-1664910.0

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual med...

CVE-2006-428910.0

Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code...