Security Advisory: 2024-0002

Advisory ID: SSA-2024-0002
Severity: High
Issue Date: 2025-02-12
CVE(s): CVE-2025-1048, CVE-2025-1049, CVE-2025-1050

Synopsis: Recent software updates address multiple security vulnerabilities (CVE-2025-1048, CVE-2025-1049, CVE-2025-1050)

1. Impacted Products

• All S1 and S2 Systems.

Affected versions: All releases prior to Sonos Systems release v16.6 (build 83.1-61240) and Sonos S1 System release v11.15.1 (build 57.22-61162)

2. Introduction
Multiple vulnerabilities were reported by security researchers through the security competition Pwn2Own 2024. Updates are available to remediate these vulnerabilities in affected Sonos products.

3. Use After Free Vulnerability (CVE-2025-1050)
Description: A vulnerability exists in the SMB2 protocol implementation within the affected product that stems from a Use-After-Free (UAF) condition, which occurs when a memory location is accessed after it has been freed, leading to unpredictable behavior.
Known Attack Vectors: A malicious actor could send a specially crafted SMB2 message to the affected device, triggering the UAF condition and potentially leading to remote code execution.
Resolution: To remediate CVE-2025-1050 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later. This bug does not apply to the Sonos S1 System.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank Viettel Cyber Security and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

4. Remote Code Execution (CVE-2025-1049)
Description: A vulnerability in the affected devices’ MPEG-TS parsing code could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1049 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank InfoSect and Zero Day Initiative for their responsible disclosure by reporting this issue to us.

5. Remote Code Execution ( CVE-2025-1048)
Description: A vulnerability exists in the affected devices’s handling of HLS could allow an attacker to gain remote code execution on the device.
Known Attack Vectors: A malicious, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code.
Resolution: To remediate CVE-2025-1048 apply the Sonos Systems Update v16.6 (build 83.1-61240) or later, or Sonos S1 System v11.15.1 (build 57.22-61162) or later.
Workarounds: None
Additional Documentation: None
Notes: None
Acknowledgments: Sonos would like to thank RET2 Systems and Zero Day Initiative for their responsible disclosure by reporting this issue to us.