Skip to main content
  • Salg
  • Butikk
  • Les mer
  • Brukerstøtte
  • Profesjonell
  • Handlekurv

Security Advisory: 2025-0002

Advisory ID: SSA-2025-0002
Severity: High
Issue Date: 2025-08-25
CVE(s): None

Synopsis: Recent software updates include security enhancements that address potential vulnerabilities in networking protocol used by certain third-party integrations.

1. Impacted Products

  • All S1 and S2 Sonos Speakers with at least one authenticated (i.e., login-based, not anonymous) music service provider (MSP) integration.
  • Affected versions: All releases prior to Sonos Systems release v17.1.1 (build 85.0-66270) and Sonos S1 System release v11.15.3 (build 57.22-65130)

2. Introduction
A potential vulnerability was identified in Sonos speakers that could allow an unauthorized user on the same Local Area Network (LAN) to access third-party music service tokens.

3. Third-Party Access Token Vulnerability
Known Attack Vectors: Malicious actors with access to the same Local Area Network as the Sonos speakers can subscribe to UPnP events of a speaker to obtain third-party access tokens. This issue is limited in scope and does not affect users unless a malicious actor gains access to their local network environment.

4. Recommended Mitigations
Resolution:

  • For Sonos S2 System:

Users are advised to disable “UPnP” in your Sonos App settings. Doing this may impact third party control applications that use the UPnP protocol such as SonoPhone or QQMusic.

This guide explains how to disable "Legacy Integrations" on your Sonos system.

  • Open the Sonos app on your device.
  • Go to Account, and select Privacy & Security.
  • Find the UPnP setting and set it to Off.
  • For Sonos S1 System:

S1 was built on an old architecture that relies on the legacy UPnP protocol, which means this issue cannot be resolved via software update. Users are encouraged to implement the workaround outlined below to mitigate risk.

Workaround:

To reduce potential risk on S1 systems, users should ensure that only trusted individuals and devices have access to their local Wi-Fi network. Exploitation of the issue requires a device to be connected to the same LAN as the speaker system.

Gå aldri glipp av et taktslag eller et tilbud

Abonner for å få de siste oppdateringene på nye produkter og eksklusive tilbud.

Du samtykker til å motta oppdateringer, kampanjetilbud og andre meldinger fra Sonos. Du kan si opp abonnementet når som helst. For mer informasjon, se vår Personvernerklæring.

Hjelp

  • Konto
  • Ordrestatus
  • Frakt og levering
  • Retur
  • Butikkfinner
  • Kontakt oss
  • Salgsvilkår
  • Sonos-fellesskapet

Hjelp

Tilbud

  • Siste sjanse
  • Certified Refurbished
  • Sonos’ oppgraderingsprogram
  • Sonos Beta

Tilbud

Om Sonos

  • Selskapet vårt
  • Nyheter
  • Mediesett
  • Ledige stillinger
  • Investorer
  • Bærekraft og påvirkning
  • Slik begynte det
  • Blogg
  • Sonos-appen
  • Anmeldelser

Om Sonos

For forretninger

  • Monterte løsninger
  • Forhandlerbutikk
  • Utviklerportal
  • Trades
  • Fungerer med Sonos

For forretninger

Kategorier

  • Hodetelefoner
  • Høyttalere
  • Bærbare høyttalere
  • Hjemmekino
  • Lydplanker
  • Sett
  • Arkitektonisk
  • Lydkomponenter
  • Tilbehør

Kategorier

Produktoversikt

  • Sonos Play
  • Sonos Ace
  • Arc Ultra
  • Beam (Gen 2)
  • Ray
  • Era 100
  • Era 100 SL
  • Era 300
  • Roam 2
  • Move 2
  • Sub 4
  • Sub Mini
  • Five
  • Amp
  • Port

Produktoversikt

© 2026 Sonos, Inc.
  • Juridisk informasjon
  • Personvernerklæring
  • Tilgjengelighet
  • Samsvar
  • Nettstedskart
  • Sikkerhet