Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535.
History

Mon, 25 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Sonos
Sonos era 300
Sonos s1
Sonos s2
CPEs cpe:2.3:a:sonos:s1:*:*:*:*:*:*:*:*
cpe:2.3:a:sonos:s2:*:*:*:*:*:*:*:*
cpe:2.3:h:sonos:era_300:-:*:*:*:*:*:*:*
Vendors & Products Sonos
Sonos era 300
Sonos s1
Sonos s2

Wed, 23 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 23 Apr 2025 17:00:00 +0000

Type Values Removed Values Added
Description Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535.
Title Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability
Weaknesses CWE-416
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2025-04-23T18:27:53.552Z

Reserved: 2025-02-04T21:26:14.789Z

Link: CVE-2025-1048

cve-icon Vulnrichment

Updated: 2025-04-23T18:27:47.767Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-23T17:16:51.843

Modified: 2025-08-25T14:40:54.833

Link: CVE-2025-1048

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.