CVE-2025-24132

Published: Apr 30, 2025Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

Affected (3)

Products: Apple: Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug In

Apple

3 products

Airplay Audio Software Development Kit

Airplay Video Software Development Kit

Carplay Communication Plug In

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Airplay Audio Software Development Kit	Before 2.7.1
Apple Airplay Video Software Development Kit	Before 3.6.0.126
Apple Carplay Communication Plug In	Before r18.1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (1)

https://support.apple.com/en-us/122403

Source: product-security@apple.com

Vendor Advisory

Timeline

No history available yet.