Security Flaws Expose Multiple Sonos Speaker Systems

Recent reports indicate that multiple Sonos speaker systems are vulnerable to security breaches that could allow attackers to inject malicious code. Users are urged to apply the available updates promptly.

Investigations by the Zero-Day Initiative (ZDI) in collaboration with Sonos have identified three critical security vulnerabilities. While these flaws narrowly missed being classified as critical security risks, they can be exploited without prior authentication.

The first vulnerability arises from inadequate validation during the processing of SMB (Server Message Block) data, which relates to Windows network shares. This can lead to unauthorized operations being performed on non-existent objects (CVE-2025-1048, CVSS 8.8, categorized as high risk).

Additionally, a significant security issue was identified in how the systems handle ID3 tags, commonly found in MP3 files. The software does not adequately check the length of user-supplied data before copying it into a heap buffer. This oversight creates a potential buffer overflow, enabling attackers to execute malicious code in the context of the user account 'anacapa' (CVE-2025-1049, CVSS 8.8, high risk).

Similarly, vulnerabilities also exist in the processing of HLS (HTTP Live Streaming) playlist data. Here, the lack of proper length validation of user-provided data can lead to write access beyond the allocated limit of a data structure, inadvertently allowing the execution of injected malicious code by the user 'anacapa' (CVE-2025-1050, CVSS 8.8, high risk).

According to the ZDI vulnerability entries, these issues predominantly affect Sonos Era-300 systems. However, a security advisory from Sonos clarifies that all Sonos S1 and S2 systems, particularly those with versions prior to v16.6 (Build 83.1-61240) and Sonos S1 versions earlier than v11.15.1 (Build 57.22-61162), are also at risk. These vulnerabilities were discovered during the Pwn2Own event in Ireland in 2024.

Sonos has provided user guidance on how to implement the necessary updates to secure their devices effectively.

In related news, Sonos faced challenges last year with a problematic launch of its new app. In response, the company has initiated a seven-point action plan aimed at enhancing processes and rebuilding trust within the community.