Skip to main content
  • Sale
  • Shoppen
  • Leer meer
  • Ondersteuning
  • Professional
  • Winkelwagen

Security Advisory: 2025-0002

Advisory ID: SSA-2025-0002
Severity: High
Issue Date: 2025-08-25
CVE(s): None

Synopsis: Recent software updates include security enhancements that address potential vulnerabilities in networking protocol used by certain third-party integrations.

1. Impacted Products

  • All S1 and S2 Sonos Speakers with at least one authenticated (i.e., login-based, not anonymous) music service provider (MSP) integration.
  • Affected versions: All releases prior to Sonos Systems release v17.1.1 (build 85.0-66270) and Sonos S1 System release v11.15.3 (build 57.22-65130)

2. Introduction
A potential vulnerability was identified in Sonos speakers that could allow an unauthorized user on the same Local Area Network (LAN) to access third-party music service tokens.

3. Third-Party Access Token Vulnerability
Known Attack Vectors: Malicious actors with access to the same Local Area Network as the Sonos speakers can subscribe to UPnP events of a speaker to obtain third-party access tokens. This issue is limited in scope and does not affect users unless a malicious actor gains access to their local network environment.

4. Recommended Mitigations
Resolution:

  • For Sonos S2 System:

Users are advised to disable “UPnP” in your Sonos App settings. Doing this may impact third party control applications that use the UPnP protocol such as SonoPhone or QQMusic.

This guide explains how to disable "Legacy Integrations" on your Sonos system.

  • Open the Sonos app on your device.
  • Go to Account, and select Privacy & Security.
  • Find the UPnP setting and set it to Off.
  • For Sonos S1 System:

S1 was built on an old architecture that relies on the legacy UPnP protocol, which means this issue cannot be resolved via software update. Users are encouraged to implement the workaround outlined below to mitigate risk.

Workaround:

To reduce potential risk on S1 systems, users should ensure that only trusted individuals and devices have access to their local Wi-Fi network. Exploitation of the issue requires a device to be connected to the same LAN as the speaker system.

Mis nooit meer een beat of aanbod

Schrijf je in en ontvang de laatste updates over nieuwe producten en exclusieve aanbiedingen.

Je gaat ermee akkoord dat Sonos je updates, speciale aanbiedingen en andere berichten stuurt. Je kunt je op elk gewenst moment afmelden. Bekijk onze Privacyverklaring voor meer informatie.

Help

  • Account
  • Status bestelling
  • Verzending en bezorging
  • Retourneringen en garantie
  • Winkelzoeker
  • Neem contact met ons op
  • Verkoopvoorwaarden
  • Sonos Community

Help

Aanbiedingen

  • Laatste kans
  • Gecertificeerd refurbished
  • Het upgradeprogramma van Sonos
  • Sonos Bèta

Aanbiedingen

Over Sonos

  • Ons bedrijf
  • Nieuws
  • Mediakits
  • Vacatures
  • Investeerders
  • Duurzaamheid en impact
  • Hoe het allemaal begon
  • Blog
  • Sonos-app
  • Reviews

Over Sonos

Voor bedrijven

  • Professionele inbouwoplossingen
  • Dealerstore
  • Developerportal
  • Trades
  • Werkt met Sonos

Voor bedrijven

Categorieën

  • Koptelefoon
  • Speakers
  • Draagbare speakers
  • Home cinema
  • Soundbars
  • Sets
  • Inbouwoplossingen
  • Audio-onderdelen
  • Accessoires

Categorieën

Producten

  • Sonos Play
  • Sonos Ace
  • Arc Ultra
  • Beam (Gen 2)
  • Ray
  • Era 100
  • Era 100 SL
  • Era 300
  • Roam 2
  • Move 2
  • Sub 4
  • Sub Mini
  • Five
  • Amp
  • Port

Producten

© 2026 Sonos, Inc.
  • Juridisch
  • Privacyverklaring
  • Toegankelijkheid
  • Conformiteit
  • Sitemap
  • Beveiliging