CVE-2025-24132 - Vulnerability Details

- Memory Handling Vulnerability Causing Application Crash via Local Network Attack

Description

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

Published: 2025-04-30

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a memory handling error that can cause applications using Apple AirPlay audio or video SDKs to crash unexpectedly. It is classified as a buffer handling issue, identified as CWE‑119. The impact is a denial of service: an attacker can trigger application termination but cannot execute code or obtain sensitive information.

Affected Systems

Apple’s AirPlay audio SDK and AirPlay video SDK are affected. The fix is in audio SDK version 2.7.1 and video SDK version 3.6.0.126. Devices that rely on these SDKs and have older versions are at risk until the update is applied.

Risk and Exploitability

The CVSS score is 6.5, indicating moderate severity. The EPSS score is less than 1%, reflecting a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local network attacker who can communicate with the device or application using the vulnerable SDK. No elevated privileges or internet exposure are required; local proximity is sufficient to trigger a crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

AirPlay audio SDK

affected

Version	Status	Constraints
`0`	affected	< 2.7.1

Apple

AirPlay video SDK

affected

Version	Status	Constraints
`0`	affected	< 2.7.1

Configuration 1 [-]

OR	cpe:2.3:a:apple:airplay_audio_software_development_kit::::::::
	cpe:2.3:a:apple:airplay_video_software_development_kit::::::::
	cpe:2.3:a:apple:carplay_communication_plug-in::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to AirPlay audio SDK 2.7.1 or later
Upgrade to AirPlay video SDK 3.6.0.126 or later
Rebuild or redeploy applications that include the SDKs to ensure the new versions are in use

Generated by OpenCVE AI on April 28, 2026 at 02:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-12774	The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.apple.com/en-us/122403

History

Tue, 28 Apr 2026 02:30:00 +0000

Type	Values Removed	Values Added
Title		Memory Handling Vulnerability Causing Application Crash via Local Network Attack

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.	The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

Mon, 12 May 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple airplay Audio Software Development Kit Apple airplay Video Software Development Kit Apple carplay Communication Plug-in
CPEs		cpe:2.3:a:apple:airplay_audio_software_development_kit:::::::: cpe:2.3:a:apple:airplay_video_software_development_kit:::::::: cpe:2.3:a:apple:carplay_communication_plug-in::::::::
Vendors & Products		Apple Apple airplay Audio Software Development Kit Apple airplay Video Software Development Kit Apple carplay Communication Plug-in

Thu, 01 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 30 Apr 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
References		https://support.apple.com/en-us/122403

Subscriptions

Apple Airplay Audio Software Development Kit Airplay Video Software Development Kit Carplay Communication Plug-in

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-04-30T20:48:15.055Z

Updated: 2026-04-02T18:11:17.708Z

Reserved: 2025-01-17T00:00:44.974Z

Link: CVE-2025-24132

Vulnrichment

Updated: 2025-05-01T13:11:55.746Z

NVD

Status : Modified

Published: 2025-04-30T21:15:54.343

Modified: 2026-04-02T19:19:04.997

Link: CVE-2025-24132

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:15:18Z

Weaknesses

CWE-119

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object