CVE-2025-24252

HIGH

Apple Ipados < 17.7.6 - Use After Free

Title source: rule

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.

Exploits (2)

nomisec WORKING POC 152 stars

by ekomsSavior · poc

https://github.com/ekomsSavior/AirBorne-PoC

View Code ZIP pw:eip

nomisec SCANNER 2 stars

by cakescats · poc

https://github.com/cakescats/airborn-IOS-CVE-2025-24252

View Code ZIP pw:eip

References (8)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122371

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122372

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122373

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122374

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122375

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122377

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122378

[Various Sources] https://github.com/cakescats/airborn-IOS-CVE-2025-24252/blob/main/airborn_arts_CVE-2025-24252_extractor.sh

Scores

CVSS v3 8.8

EPSS 0.0010

EPSS Percentile 27.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (12)

Apple/iOS and iPadOS < 18.4

apple/ipados < 17.7.6

Apple/iPadOS < 17.7.6

apple/iphone_os < 18.4

apple/macos < 13.7.5

Apple/macOS < 13.7.5

Apple/macOS < 14.7.5

Apple/macOS < 15.4

apple/tvos < 18.4

Apple/tvOS < 18.4

... and 2 more

Published Apr 29, 2025

Tracked Since Feb 18, 2026