Skip to main content
  • Sconti
  • Acquista
  • Scopri
  • Assistenza
  • Professionisti
  • Carrello

Security Advisory: 2025-0002

Advisory ID: SSA-2025-0002
Severity: High
Issue Date: 2025-08-25
CVE(s): None

Synopsis: Recent software updates include security enhancements that address potential vulnerabilities in networking protocol used by certain third-party integrations.

1. Impacted Products

  • All S1 and S2 Sonos Speakers with at least one authenticated (i.e., login-based, not anonymous) music service provider (MSP) integration.
  • Affected versions: All releases prior to Sonos Systems release v17.1.1 (build 85.0-66270) and Sonos S1 System release v11.15.3 (build 57.22-65130)

2. Introduction
A potential vulnerability was identified in Sonos speakers that could allow an unauthorized user on the same Local Area Network (LAN) to access third-party music service tokens.

3. Third-Party Access Token Vulnerability
Known Attack Vectors: Malicious actors with access to the same Local Area Network as the Sonos speakers can subscribe to UPnP events of a speaker to obtain third-party access tokens. This issue is limited in scope and does not affect users unless a malicious actor gains access to their local network environment.

4. Recommended Mitigations
Resolution:

  • For Sonos S2 System:

Users are advised to disable “UPnP” in your Sonos App settings. Doing this may impact third party control applications that use the UPnP protocol such as SonoPhone or QQMusic.

This guide explains how to disable "Legacy Integrations" on your Sonos system.

  • Open the Sonos app on your device.
  • Go to Account, and select Privacy & Security.
  • Find the UPnP setting and set it to Off.
  • For Sonos S1 System:

S1 was built on an old architecture that relies on the legacy UPnP protocol, which means this issue cannot be resolved via software update. Users are encouraged to implement the workaround outlined below to mitigate risk.

Workaround:

To reduce potential risk on S1 systems, users should ensure that only trusted individuals and devices have access to their local Wi-Fi network. Exploitation of the issue requires a device to be connected to the same LAN as the speaker system.

Non perderti nemmeno una nota o un’offerta

Iscriviti per ricevere gli ultimi aggiornamenti su nuovi prodotti e offerte esclusive.

Acconsenti all'invio di aggiornamenti, offerte promozionali e altri messaggi da parte di Sonos. Puoi annullare l'iscrizione in qualsiasi momento. Per ulteriori informazioni, consulta la nostra Informativa sulla privacy.

Assistenza

  • Account
  • Stato dell’ordine
  • Spedizione e consegna
  • Resi
  • Trova il negozio
  • Contattaci
  • Condizioni di vendita
  • Sonos Community

Assistenza

Offerte

  • Ultima occasione
  • Ricondizionato certificato
  • Programma di aggiornamento Sonos
  • Sonos beta

Offerte

Informazioni su Sonos

  • La nostra azienda
  • Notizie
  • Kit per i media
  • Opportunità di lavoro
  • Investitori
  • Sostenibilità e impatto ambientale
  • Gli esordi
  • Blog
  • App Sonos
  • Recensioni

Informazioni su Sonos

Per le aziende

  • Soluzioni installate
  • Rivenditori
  • Portale sviluppatori
  • Funziona con Sonos

Per le aziende

Categorie

  • Cuffie
  • Speaker
  • Speaker portatili
  • Home theater
  • Soundbar
  • Kit
  • Da incasso
  • Componenti audio
  • Accessori

Categorie

Prodotto

  • Sonos Play
  • Sonos Ace
  • Arc Ultra
  • Beam (Gen 2)
  • Ray
  • Era 100
  • Era 100 SL
  • Era 300
  • Roam 2
  • Move 2
  • Sub 4
  • Sub Mini
  • Five
  • Amp
  • Port

Prodotto

© 2026 Sonos, Inc.
  • Affari legali
  • Informativa sulla privacy
  • Accessibilità
  • Conformità
  • Mappa del sito
  • Sicurezza