Heap-Based Buffer Overflow Vulnerability in Sonos Era 300 Speakers
CVE-2025-1049

8.8HIGH

Key Information:

Vendor: Sonos
Status: Era 300
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-1049?

The Sonos Era 300 speakers have a vulnerability that allows network-adjacent attackers to execute arbitrary code without any authentication. The flaw stems from improper validation of user-supplied data length during ID3 data processing, leading to a heap-based buffer overflow. By exploiting this weakness, an attacker could execute code within the context of the anacapa user, raising significant security concerns for affected devices.

Affected Version(s)

Era 300 81.1-58074

References

https://www.zerodayinitiative.com/advisories/ZDI-25-224/

x_research-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Feb 4, 2025