CVE-2025-24132

This repository contains a functional exploit PoC for CVE-2025-24132, targeting a heap overflow in Apple's AirPlay service on port 7000. It includes multiple payload options (bash, Python, PowerShell) and supports persistence via .bashrc injection.

This repository contains a functional PoC for CVE-2025-24132, which exploits a buffer overflow in the AES CTR encryption handling of AirPlay/MFi devices. The exploit triggers a crash by sending a malformed SETUP packet with an oversized encryption key, demonstrating the vulnerability in devices like CarPlay units.

This is a functional PoC scanner for CVE-2025-24132, which tests AirPlay-capable devices for a zero-click HTTP RCE vulnerability via mDNS discovery and an HTTP POST request with a reverse shell payload.

The repository contains a functional PoC for CVE-2025-24132, which exploits a buffer overflow in the AES CTR encryption handling within AirPlay SDK-based devices. The exploit triggers a crash by sending a malformed SETUP packet with an oversized encryption key, demonstrating the vulnerability in devices with MFi code paths.

This repository contains a functional exploit PoC for CVE-2025-24132, targeting a buffer overflow in the AES CTR encryption handling within AirPlay's SETUP packet processing. The exploit demonstrates the vulnerability by causing a crash in vulnerable devices, particularly those without stack protections.

This PoC exploits a buffer overflow in the AES CTR encryption handling of AirPlay/MFi devices (CVE-2025-24132) by sending a malformed SETUP packet with an oversized encryption key, causing a crash. The exploit targets vulnerable CarPlay/AirPlay units and requires no authentication.