Out-of-Bounds Write Vulnerability in Sonos Era 300 Speakers
CVE-2025-1050

8.8HIGH

Key Information:

Vendor: Sonos
Status: Era 300
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-1050?

The Sonos Era 300 contains a vulnerability that permits network-adjacent attackers to execute arbitrary code on the device without requiring authentication. This security flaw arises from improper validation of user-supplied data during the processing of HLS playlist data, resulting in a potential write beyond the allocated memory space. An attacker could exploit this weakness to run malicious code under the context of the vulnerable user account.

Affected Version(s)

Era 300 81.1-58074

References

https://www.zerodayinitiative.com/advisories/ZDI-25-225/

x_research-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Feb 4, 2025