Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
History

Mon, 25 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Sonos
Sonos era 300
Sonos s2
CPEs cpe:2.3:a:sonos:s2:*:*:*:*:*:*:*:*
cpe:2.3:h:sonos:era_300:-:*:*:*:*:*:*:*
Vendors & Products Sonos
Sonos era 300
Sonos s2

Wed, 23 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 23 Apr 2025 17:00:00 +0000

Type Values Removed Values Added
Description Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
Title Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability
Weaknesses CWE-787
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2025-04-23T18:15:44.046Z

Reserved: 2025-02-04T21:26:36.573Z

Link: CVE-2025-1050

cve-icon Vulnrichment

Updated: 2025-04-23T18:15:38.635Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-23T17:16:52.127

Modified: 2025-08-25T14:43:50.460

Link: CVE-2025-1050

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.