Skip to main content
  • Promotion
  • Acheter
  • Apprendre
  • Assistance
  • Professionnels
  • Panier

Security Advisory: 2025-0002

Advisory ID: SSA-2025-0002
Severity: High
Issue Date: 2025-08-25
CVE(s): None

Synopsis: Recent software updates include security enhancements that address potential vulnerabilities in networking protocol used by certain third-party integrations.

1. Impacted Products

  • All S1 and S2 Sonos Speakers with at least one authenticated (i.e., login-based, not anonymous) music service provider (MSP) integration.
  • Affected versions: All releases prior to Sonos Systems release v17.1.1 (build 85.0-66270) and Sonos S1 System release v11.15.3 (build 57.22-65130)

2. Introduction
A potential vulnerability was identified in Sonos speakers that could allow an unauthorized user on the same Local Area Network (LAN) to access third-party music service tokens.

3. Third-Party Access Token Vulnerability
Known Attack Vectors: Malicious actors with access to the same Local Area Network as the Sonos speakers can subscribe to UPnP events of a speaker to obtain third-party access tokens. This issue is limited in scope and does not affect users unless a malicious actor gains access to their local network environment.

4. Recommended Mitigations
Resolution:

  • For Sonos S2 System:

Users are advised to disable “UPnP” in your Sonos App settings. Doing this may impact third party control applications that use the UPnP protocol such as SonoPhone or QQMusic.

This guide explains how to disable "Legacy Integrations" on your Sonos system.

  • Open the Sonos app on your device.
  • Go to Account, and select Privacy & Security.
  • Find the UPnP setting and set it to Off.
  • For Sonos S1 System:

S1 was built on an old architecture that relies on the legacy UPnP protocol, which means this issue cannot be resolved via software update. Users are encouraged to implement the workaround outlined below to mitigate risk.

Workaround:

To reduce potential risk on S1 systems, users should ensure that only trusted individuals and devices have access to their local Wi-Fi network. Exploitation of the issue requires a device to be connected to the same LAN as the speaker system.

Restez au courant de toutes les actualités et offres Sonos

Abonnez-vous pour recevoir les dernières informations sur les nouveaux produits et les offres exclusives.

Vous acceptez de recevoir des actualités, des offres promotionnelles et d'autres messages de Sonos. Vous pourrez vous désabonner à tout moment. Pour plus d'informations, consultez notre Déclaration de confidentialité.

Aide

  • Compte
  • Statut de votre commande
  • Expédition et livraison
  • Retours
  • Géolocalisateur de magasin
  • Nous contacter
  • Conditions de vente
  • Communauté Sonos

Aide

Offres

  • Dernière chance
  • Produits reconditionnés
  • Programme Sonos Upgrade
  • Ventes aux entreprises
  • Sonos Bêta

Offres

À propos de Sonos

  • Notre entreprise
  • Actualités
  • Kits média
  • Emplois
  • Investisseurs
  • Développement durable et impact sur l'environnement
  • Nos débuts
  • Blog
  • Application Sonos
  • Avis

À propos de Sonos

Pour les entreprises

  • Solutions d’intégration
  • Espace revendeur
  • Portail développeur
  • Works with Sonos

Pour les entreprises

Catégories

  • Casque audio
  • Enceintes
  • Enceintes nomades
  • Home cinéma
  • Barres de son
  • Packs
  • Architectural
  • Composants audio
  • Accessoires

Catégories

Produits

  • Sonos Play
  • Sonos Ace
  • Sonos Arc Ultra
  • Sonos Beam (Gen 2)
  • Sonos Ray
  • Sonos Era 100
  • Sonos Era 100 SL
  • Sonos Era 300
  • Sonos Roam 2
  • Sonos Move 2
  • Sonos Sub 4
  • Sonos Sub Mini
  • Sonos Five
  • Sonos Amp
  • Sonos Port

Produits

© 2026 Sonos, Inc.
  • Mentions légales
  • Déclaration de confidentialité
  • Accessibilité
  • Conformité
  • Plan du site
  • Sécurité