Remote Code Execution Flaw in Sonos Era 300 Speaker by Sonos
CVE-2025-1048

8.8HIGH

Key Information:

Vendor: Sonos
Status: Era 300
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-1048?

A vulnerability in the Sonos Era 300 Speaker allows network-adjacent attackers to exploit a use-after-free condition in the processing of SMB data. This flaw arises from inadequate validation of object existence before performing operations. An attacker can potentially execute arbitrary code in the context of the anacapa user, posing serious risks to system integrity without needing authentication.

Affected Version(s)

Era 300 81.1-58074

References

https://www.zerodayinitiative.com/advisories/ZDI-25-223/

x_research-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Feb 4, 2025