CVE-2025-24252

HIGH

iPadOS < 17.7.6 - Use-After-Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-24252. PoCs published by ekomsSavior, cakescats.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2025-24252 and CVE-2025-24132, targeting Apple's AirPlay service. It includes both a crash trigger via malformed mDNS packets and a reverse shell exploit leveraging a heap overflow, with optional persistence mechanisms.

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.

Exploits (2)

nomisec WORKING POC 152 stars
by ekomsSavior · poc
https://github.com/ekomsSavior/AirBorne-PoC

This repository contains a functional proof-of-concept exploit for CVE-2025-24252 and CVE-2025-24132, targeting Apple's AirPlay service. It includes both a crash trigger via malformed mDNS packets and a reverse shell exploit leveraging a heap overflow, with optional persistence mechanisms.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apple AirPlay service (AirPlayReceiver daemon)
No auth needed
Prerequisites: Network access to target device · Python 3 with Scapy library · Netcat for reverse shell listener
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 2 stars
by cakescats · poc
https://github.com/cakescats/airborn-IOS-CVE-2025-24252

This repository contains a bash script designed to scan iOS log archives for potential indicators of compromise related to the 'Airborne' vulnerabilities affecting Apple's AirPlay protocol. It automates log queries to identify anomalies in system processes involved in AirPlay and related services.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: iOS (various versions, specifically those affected by 'Airborne' vulnerabilities)
No auth needed
Prerequisites: macOS environment · iOS log archive (.logarchive) · bash shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8

Scores

CVSS v3 8.8
EPSS 0.0129
EPSS Percentile 66.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (12)
Apple/iOS and iPadOS < 18.4
apple/ipados < 17.7.6
Apple/iPadOS < 17.7.6
apple/iphone_os < 18.4
apple/macos < 13.7.5
Apple/macOS < 13.7.5
Apple/macOS < 14.7.5
Apple/macOS < 15.4
apple/tvos < 18.4
Apple/tvOS < 18.4
... and 2 more
Published Apr 29, 2025
Tracked Since Feb 18, 2026