- Description: Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- CWE-787 (source: zdi-disclosures@trendmicro.com)
- Hype score: Not currently trending
🚨 CVE-2025-1050 🔴 HIGH (8.8) 🏢 Sonos - Era 300 🏗️ 81.1-58074 🔗 https://t.co/A34xwsn8dw #CyberCron #VulnAlert #InfoSec https://t.co/6LbOm7CBHF
@cybercronai
25 Apr 2025
CVE-2025-1050 Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos … https://t.co/9DZr9EHAKw
@CVEnew
23 Apr 2025
[CVE-2025-1050: HIGH] Critical Sonos Era 300 vulnerability allows attackers to execute code via malformed HLS data. No authentication needed for code execution. More info on ZDI-CAN-25606.#cve,CVE-2025-1050,#cybersecurity https://t.co/Xx5C3vL2m7 https://t.co/i6jIFYoDqT
@CveFindCom
23 Apr 2025