CVE-2025-24271

MEDIUM

iPadOS < 17.7.6 - Unauthenticated AirPlay Command Execution via Network Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-24271. PoCs published by moften.

AI-analyzed exploit summary This PoC exploits CVE-2025-24271 by sending a fake AirPlay request to vulnerable Apple devices, potentially exposing sensitive information. It uses mDNS (Bonjour) to discover AirPlay devices and sends a crafted HTTP request to trigger the vulnerability.

Description

An access issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing.

Exploits (1)

nomisec WORKING POC 4 stars

by moften · poc

https://github.com/moften/CVE-2025-24271

View Code ZIP pw:eip

This PoC exploits CVE-2025-24271 by sending a fake AirPlay request to vulnerable Apple devices, potentially exposing sensitive information. It uses mDNS (Bonjour) to discover AirPlay devices and sends a crafted HTTP request to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Apple AirPlay (macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, iOS 18.4, iPadOS 17.7.6 and 18.4, tvOS 18.4, visionOS 2.4)

No auth needed

Prerequisites: Network access to vulnerable AirPlay devices · Python with zeroconf library installed

MITRE ATT&CK

T1087 - Account Discovery T1040 - Network Sniffing

devstral-2 · analyzed Feb 16, 2026 Full analysis →