- Description: Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com: CWE-122
- Hype score: Not currently trending
🚨 CVE-2025-1049 🔴 HIGH (8.8) 🏢 Sonos - Era 300 🏗️ 81.1-58074 🔗 https://t.co/B6Q8ZfFV5s #CyberCron #VulnAlert #InfoSec https://t.co/x4V71OlXPG
@cybercronai
25 Apr 2025
CVE-2025-1049 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected… https://t.co/UNqT6mpvdE
@CVEnew
23 Apr 2025
[CVE-2025-1049: HIGH] Critical remote code execution vulnerability discovered in Sonos Era 300 speakers. Attackers can exploit heap-based buffer overflow without authentication. Vulnerability ID: ZDI-CAN-25601. #cve, CVE-2025-1049, #cybersecurity https://t.co/fWrTNhKltR https://t.co
@CveFindCom
23 Apr 2025