CVE-2025-24271
Access Control Flaw Enables Unauthenticated AirPlay Commands
Description
Description
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| apple | ipados | to 18.2 (inc) |
| apple | ipados | to 18.2 (inc) |
| apple | iphone_os | to 18.2 (inc) |
| apple | macos | to 15.2 (inc) |
| apple | macos | to 15.2 (inc) |
| apple | macos | to 15.2 (inc) |
| apple | tvos | to 18.2 (inc) |
| apple | visionos | to 2.2 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | Missing Authentication for Critical Function |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') |
| CWE-862 | Missing Authorization |
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me?
What immediate steps should I take to mitigate this vulnerability?
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-04-29
CVE Last Modified Date:
2025-04-30
Report Generation Date:
2025-07-14
AI Powered Q&A Generation:
2025-04-30
EPSS Last Evaluated Date:
2025-07-02
NVD Report Link: