CVE-2025-30422

Published: Apr 30, 2025Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

Affected (3)

Products: Apple: Airplay Audio Software Development Kit, Airplay Video Software Development Kit, Carplay Communication Plug In

Apple

3 products

Airplay Audio Software Development Kit

Airplay Video Software Development Kit

Carplay Communication Plug In

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Airplay Audio Software Development Kit	Before 2.7.1
Apple Airplay Video Software Development Kit	Before 3.6.0.126
Apple Carplay Communication Plug In	Before r18.1

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://support.apple.com/en-us/122403

Source: product-security@apple.com

Vendor Advisory

Timeline

No history available yet.