CVE-2025-24271
BaseFortify
Publication date: 2025-04-29
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range (inc = inclusive, exc = exclusive) |
|---|---|---|
| apple | ipados | to 17.7.6 (exc) |
| apple | ipados | From 18.0 (inc) to 18.4 (exc) |
| apple | iphone_os | to 18.4 (exc) |
| apple | macos | to 13.7.5 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.5 (exc) |
| apple | macos | From 15.0 (inc) to 15.4 (exc) |
| apple | tvos | to 18.4 (exc) |
| apple | visionos | to 2.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an access control flaw where an unauthenticated user, if on the same network as a signed-in Mac, can send AirPlay commands without the usual pairing process. It was caused by insufficient access restrictions and has been fixed in several Apple operating systems including macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, and visionOS 2.4. [1]
How can this vulnerability impact me?
If you are using an affected Apple device and are on the same network as another signed-in Mac, an attacker could exploit this vulnerability by sending unauthorized AirPlay commands. This could potentially lead to unexpected behavior or misuse of your device's functionality. [1]
What immediate steps should I take to mitigate this vulnerability?
The CVE description indicates that the issue has been fixed by applying improved access restrictions in updated software. Therefore, the immediate step is to update your system to one of the fixed versions (macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, or visionOS 2.4) to mitigate the vulnerability. [1]