CVE-2021-42835

HIGH

Plex Media Server < 1.25.0.5282 - Local Privilege Escalation via Update Service RPC TOCTOU Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42835. PoCs published by netanelc305.

AI-analyzed exploit summary This PoC exploits a TOCTOU (Time-of-Check to Time-of-Use) race condition in Plex Media Server (CVE-2021-42835) by swapping a mount point to replace a legitimate update file with a malicious one. It uses an oplock on `cacert.pem` to trigger the swap during the update process.

Description

An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).

Exploits (1)

nomisec WORKING POC 6 stars
by netanelc305 · poc
https://github.com/netanelc305/PlEXcalaison

This PoC exploits a TOCTOU (Time-of-Check to Time-of-Use) race condition in Plex Media Server (CVE-2021-42835) by swapping a mount point to replace a legitimate update file with a malicious one. It uses an oplock on `cacert.pem` to trigger the swap during the update process.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Plex Media Server
No auth needed
Prerequisites: Access to the target system · Ability to create mount points and set oplocks · Knowledge of Plex update file paths
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Product, Vendor Advisory x_refsource_misc
https://www.plex.tv/media-server-downloads/
Third Party Advisory x_refsource_misc
https://bugsec.com/experts_teams/
Exploit, Third Party Advisory x_refsource_misc
https://ir-on.io/2021/12/02/local-privilege-plexcalation/

Scores

CVSS v3 7.0
EPSS 0.0117
EPSS Percentile 63.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-367
Status published
Products (1)
plex/media_server < 1.25.0.5282
Published Dec 08, 2021
Tracked Since Feb 18, 2026