Apple AirPlay SDK/CarPlay Plugin Local Net Crash (Vuln before SDK 2.7.1/3.6.0)
CVE-2025-24132 Published on April 30, 2025

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2025-24132 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2025-24132

Want to know whenever a new CVE is published for Apple products? stack.watch will email you.

Apple AirPlay
 
Apple Carplay
 
Apple iOS
 

Affected Versions

Apple AirPlay audio SDK: Apple AirPlay video SDK:

Exploit Probability

EPSS
0.05%
Percentile
14.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.