Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
https://www.helpnetsecurity.com/2025/08/27/plex-media-server-cve-2025-34158-attack/
https://www.tenable.com/security/research/tra-2020-32
http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html