Detections
Analytics

CVE-2025-24132

medium

Description

The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1 and AirPlay video SDK 3.6.0.126. An attacker on the local network may cause an unexpected app termination.

References

https://www.securityweek.com/remote-carplay-hack-puts-drivers-at-risk-of-distraction-and-surveillance/

https://www.darkreading.com/vulnerabilities-threats/apple-carplay-rce-exploit

https://www.oligo.security/blog/airborne

https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/

https://support.apple.com/en-us/122403

Details

Source: Mitre, NVD

Published: 2025-04-30

Updated: 2026-04-02

Named Vulnerability: AirBorne

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018