AI description
CVE-2025-1050 is an out-of-bounds write vulnerability found in Sonos Era 300 speakers. It allows a network-adjacent attacker to write data past the end or before the beginning of the intended buffer, potentially impacting confidentiality, integrity, and availability. The vulnerability can be triggered by manipulating an unknown input, leading to the out-of-bounds write. It can be exploited within the local network without authentication. To eliminate this vulnerability, users should upgrade their devices.
- Description
- Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-787
- Hype score
- Not currently trending
Use after free exploitation (CVE-2025-1050) in the Sonos Era 300 (Pwn2Own 2024) https://t.co/pBGDQtN87Q Credits Jack Dates & Markus Gaasedelen #infosec #embedded https://t.co/pniwfKgwfp
@0xor0ne
14 Aug 2025
2945 Impressions
15 Retweets
76 Likes
13 Bookmarks
0 Replies
0 Quotes
Exploiting a use after free (CVE-2025-1050) in the Sonos Era 300 (Pwn2Own 2024) https://t.co/pBGDQtN87Q Credits Jack Dates & Markus Gaasedelen #infosec #embedded https://t.co/yoOUn6TkdR
@0xor0ne
29 Jun 2025
8564 Impressions
30 Retweets
185 Likes
60 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-1050 🔴 HIGH (8.8) 🏢 Sonos - Era 300 🏗️ 81.1-58074 🔗 https://t.co/A34xwsn8dw #CyberCron #VulnAlert #InfoSec https://t.co/6LbOm7CBHF
@cybercronai
25 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1050 Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos … https://t.co/9DZr9EHAKw
@CVEnew
23 Apr 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1050: HIGH] Critical Sonos Era 300 vulnerability allows attackers to execute code via malformed HLS data. No authentication needed for code execution. More info on ZDI-CAN-25606.#cve,CVE-2025-1050,#cybersecurity https://t.co/Xx5C3vL2m7 https://t.co/i6jIFYoDqT
@CveFindCom
23 Apr 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes