CVE-2025-43916
Published: 21 April 2025
Summary
CVE-2025-43916 is a low-severity Use of Non-Canonical URL Paths for Authorization Decisions (CWE-647) vulnerability. Its CVSS base score is 3.4 (Low).
Operationally, ranked at the 39.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-12378
Vulnerability details
Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might…
more
have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.