Security Advisory: 2024-0002

Advisory ID: SSA-2024-0002
Severity: High
Issue Date: 2025-02-12
CVE(s): CVE-2025-1048, CVE-2025-1049, CVE-2025-1050

Synopsis: Recent software updates address multiple security vulnerabilities (CVE-2025-1048, CVE-2025-1049, CVE-2025-1050)

1. Impacted Products

  • All S1 and S2 Systems.

Affected versions: All releases prior to Sonos Systems release v16.6 (build 83.1-61240) and Sonos S1 System release v11.15.1 (build 57.22-61162)

2. Introduction
Multiple vulnerabilities were reported by security researchers through the security competition Pwn2Own 2024. Updates are available to remediate these vulnerabilities in affected Sonos products.

3. Remote Code Execution (CVE-2025-1048)
Description: A vulnerability in the affected devices’ handling of HLS could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1048 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank RET2 Systems and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

4. Remote Code Execution (CVE-2025-1049)
Description: A vulnerability in the affected devices’ MPEG-TS parsing code could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1049 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank InfoSect and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

5. Use After Free Vulnerability (CVE-2025-1050)
Description: A vulnerability exists in the SMB2 protocol implementation within the affected product that stems from a Use-After-Free (UAF) condition, which occurs when a memory location is accessed after it has been freed, leading to unpredictable behavior.
Known Attack Vectors: A malicious actor could send a specially crafted SMB2 message to the affected device, triggering the UAF condition and potentially leading to remote code execution.
Resolution: To remediate CVE-2025-1050 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later. This bug does not apply to the Sonos S1 System.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank Viettel Cyber Security and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

© 2026 Sonos, Inc.