Apple AirPlay SDK/CarPlay Plugin Local Net Crash (Vuln before SDK 2.7.1/3.6.0)
CVE-2025-24132 Published on April 30, 2025
The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
Vulnerability Analysis
Weakness Type
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2025-24132 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2025-24132
stack.watch emails you whenever new vulnerabilities are published in Apple AirPlay or Apple Carplay. Just hit a watch button to start following.
Affected Versions
Apple AirPlay audio SDK:- Version unspecified and below 2.7.1 is affected.
- Version unspecified and below 3.6.0.126 is affected.
- Version unspecified and below R18.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.