{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-43916", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-21T14:03:20.440Z", "dateReserved": "2025-04-19T00:00:00.000Z", "datePublished": "2025-04-21T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "api.sonos.com", "vendor": "Sonos", "versions": [{"lessThanOrEqual": "2025-04-21", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with \"Decompiling the app revealed a hardcoded secret.\""}], "problemTypes": [{"descriptions": [{"cweId": "CWE-647", "description": "CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-21T13:49:45.236Z"}, "references": [{"url": "https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md"}], "tags": ["exclusively-hosted-service"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T14:02:24.780069Z", "id": "CVE-2025-43916", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:03:20.440Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43916", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T14:02:24.780069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:02:51.062Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "Sonos", "product": "api.sonos.com", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2025-04-21"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with \"Decompiling the app revealed a hardcoded secret.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-647", "description": "CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-21T13:49:45.236Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43916", "state": "PUBLISHED", "dateUpdated": "2025-04-21T14:03:20.440Z", "dateReserved": "2025-04-19T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-04-21T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with \"Decompiling the app revealed a hardcoded secret.\""}, {"lang": "es", "value": "Sonos api.sonos.com hasta el 21/04/2025, al usar el punto de acceso /login/v3/oauth, acepta un redirect_uri que contiene informaci\u00f3n de usuario en el componente de autoridad, lo cual no es coherente con la secci\u00f3n 5.2.3.5 de la RFC 6819. Es posible que se env\u00ede un c\u00f3digo de autorizaci\u00f3n a un destino controlado por el atacante. Esto podr\u00eda tener implicaciones adicionales en relaci\u00f3n con el caso \"La descompilaci\u00f3n de la aplicaci\u00f3n revel\u00f3 un secreto codificado\"."}], "id": "CVE-2025-43916", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-04-21T14:15:36.593", "references": [{"source": "cve@mitre.org", "url": "https://github.com/larlarua/vulnerability-reports/blob/main/CVE-2025-43916/detail.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-647"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{}