
Security Advisory: 2024-0002

Advisory ID: SSA-2024-0002
Severity: High
Issue Date: 2025-02-12
CVE(s): CVE-2025-1048, CVE-2025-1049, CVE-2025-1050

Synopsis: Recent software updates address multiple security vulnerabilities (CVE-2025-1048, CVE-2025-1049, CVE-2025-1050)

1. Impacted Products

  • All S1 and S2 Systems.

Affected versions: All releases prior to Sonos Systems release v16.6 (build 83.1-61240) and Sonos S1 System release v11.15.1 (build 57.22-61162)

2. Introduction
Multiple vulnerabilities were reported by security researchers through the security competition Pwn2Own 2024. Updates are available to remediate these vulnerabilities in affected Sonos products.

3. Remote Code Execution (CVE-2025-1048)
Description: A vulnerability in the affected devices' handling of HLS could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1048 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank RET2 Systems and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

4. Remote Code Execution (CVE-2025-1049)
Description: A vulnerability in the affected devices’ MPEG-TS parsing code could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1049 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank InfoSect and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

5. Use After Free Vulnerability (CVE-2025-1050)
Description: A vulnerability exists in the SMB2 protocol implementation within the affected product that stems from a Use-After-Free (UAF) condition, which occurs when a memory location is accessed after it has been freed, leading to unpredictable behavior.
Known Attack Vectors: A malicious actor could send a specially crafted SMB2 message to the affected device, triggering the UAF condition and potentially leading to remote code execution.
Resolution: To remediate CVE-2025-1050 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later. This bug does not apply to the Sonos S1 System.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank Viettel Cyber Security and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

© 2026 Sonos, Inc.