fkie_cve-2025-43916
Vulnerability from fkie_nvd
Published
2025-04-21 14:15
Modified
2025-04-21 14:23
Severity ?
3.4 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."
References
cve@mitre.orghttps://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "exclusively-hosted-service"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with \"Decompiling the app revealed a hardcoded secret.\""
    },
    {
      "lang": "es",
      "value": "Sonos api.sonos.com hasta el 21/04/2025, al usar el punto de acceso /login/v3/oauth, acepta un redirect_uri que contiene informaci\u00f3n de usuario en el componente de autoridad, lo cual no es coherente con la secci\u00f3n 5.2.3.5 de la RFC 6819. Es posible que se env\u00ede un c\u00f3digo de autorizaci\u00f3n a un destino controlado por el atacante. Esto podr\u00eda tener implicaciones adicionales en relaci\u00f3n con el caso \"La descompilaci\u00f3n de la aplicaci\u00f3n revel\u00f3 un secreto codificado\"."
    }
  ],
  "id": "CVE-2025-43916",
  "lastModified": "2025-04-21T14:23:45.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-21T14:15:36.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-647"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.