What is the severity of CVE-2025-24139?

CVE-2025-24139 has a high severity rating due to potential impact from null pointer dereference and type confusion issues.

How do I fix CVE-2025-24139?

To fix CVE-2025-24139, update to the latest versions of macOS Ventura 13.7.3, macOS Sequoia 15.3, or macOS Sonoma 14.7.3.

Which Apple products are affected by CVE-2025-24139?

CVE-2025-24139 affects Apple macOS versions including Ventura, Sequoia, and Sonoma.

What issues does CVE-2025-24139 address?

CVE-2025-24139 addresses a null pointer dereference, type confusion, and input validation issues in AirPlay.

How serious is the risk of not addressing CVE-2025-24139?

Failing to address CVE-2025-24139 could lead to application crashes or security vulnerabilities in affected Apple devices.

Vulnerability/
CVE-2025-24139

critical

9.8

CWE

770 20 476 416 362

EPSS

0.045%

27/1/2025

29/1/2025

CVE-2025-24139: Input Validation

First published: Mon Jan 27 2025(Updated: )

AirPlay. A null pointer dereference was addressed with improved input validation.

Credit: product-security@apple.com Wang Yu CyberservalKirin @Pwnrin Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeArsenii Kostromin (0x3c3e) Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ an anonymous researcher 云散 Mickey Jin @patch1t Pedro Tôrres @t0rr3sp3dr0 神罚 @Pwnrin Anonymous Trend Micro Zero Day InitiativeYiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeRodolphe BRUNETTI @eisw0lf Lupus NovaJonathan Bar Or @yo_yo_yo_jbo MicrosoftYann GASCUEL Alter SolutionsAdam M. PixiePoint Security Josh Parnham @joshparnham @RenwaX23 Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityPwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Matej Moravec @MacejkoMoravec Michael (Biscuit) Thomas @social.lol) @biscuit CertiK SkyFall Team Bohdan Stasiuk @Bohdan_Stasiuk Uri Katz (Oligo Security)

Affected Software	Affected Version	How to fix
Apple macOS	<14.7.3	14.7.3
Apple macOS	<13.7.3	13.7.3
Apple macOS Sequoia	<15.3	15.3
Apple macOS
Apple macOS Sequoia
Apple macOS

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/122069 (Advisory)
https://support.apple.com/en-us/122068 (Advisory)
https://support.apple.com/en-us/122070 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2025-24137
CVE-2025-24112
CVE-2025-24109
CVE-2025-24100
CVE-2025-24114
CVE-2025-24121
CVE-2025-24122
CVE-2025-24127
CVE-2024-54509
CVE-2025-24106
CVE-2024-44172
CVE-2025-24161
CVE-2025-24160
CVE-2025-24163
CVE-2025-24123
CVE-2025-24124
CVE-2025-24102
CVE-2025-24174
CVE-2025-24086
CVE-2025-24118
CVE-2025-24159
CVE-2025-24094
CVE-2025-24115
CVE-2025-24116
CVE-2025-24136
CVE-2025-24099
CVE-2025-24130
CVE-2025-24146
CVE-2024-54497
CVE-2025-24093
CVE-2025-24149
CVE-2025-24103
CVE-2025-24139
CVE-2025-24151
CVE-2025-24138
CVE-2024-44243
CVE-2025-24176
CVE-2025-24092
CVE-2025-24154
CVE-2025-24120
CVE-2025-24156
CVE-2025-24126
CVE-2025-24129
CVE-2025-24131
CVE-2025-24177
CVE-2025-24087
CVE-2025-24085
CVE-2025-24134
CVE-2025-24140
CVE-2025-24107
CVE-2025-24117
CVE-2025-24101
CVE-2025-24096
CVE-2025-24169
CVE-2025-24128
CVE-2025-24113
CVE-2025-24108
CVE-2025-24152
CVE-2025-24153
CVE-2025-24135
CVE-2025-24145
CVE-2025-24143
CVE-2025-24158
CVE-2025-24162
CVE-2025-24150

Frequently Asked Questions

What is the severity of CVE-2025-24139?
CVE-2025-24139 has a high severity rating due to potential impact from null pointer dereference and type confusion issues.
How do I fix CVE-2025-24139?
To fix CVE-2025-24139, update to the latest versions of macOS Ventura 13.7.3, macOS Sequoia 15.3, or macOS Sonoma 14.7.3.
Which Apple products are affected by CVE-2025-24139?
CVE-2025-24139 affects Apple macOS versions including Ventura, Sequoia, and Sonoma.
What issues does CVE-2025-24139 address?
CVE-2025-24139 addresses a null pointer dereference, type confusion, and input validation issues in AirPlay.
How serious is the risk of not addressing CVE-2025-24139?
Failing to address CVE-2025-24139 could lead to application crashes or security vulnerabilities in affected Apple devices.

agent/references
agent/type
collector/nvd-api
source/NVD
agent/severity
agent/weakness
agent/source
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/softwarecombine
collector/apple-support
source/Apple
alias/CVE-2024-44172
alias/CVE-2025-24161
alias/CVE-2025-24160
alias/CVE-2025-24163
alias/CVE-2025-24123
alias/CVE-2025-24124
alias/CVE-2025-24102
alias/CVE-2025-24174
alias/CVE-2025-24086
alias/CVE-2025-24118
alias/CVE-2025-24159
alias/CVE-2025-24094
alias/CVE-2025-24115
alias/CVE-2025-24116
alias/CVE-2025-24136
alias/CVE-2025-24099
alias/CVE-2025-24130
alias/CVE-2025-24146
alias/CVE-2024-54497
alias/CVE-2025-24093
alias/CVE-2025-24149
alias/CVE-2025-24103
alias/CVE-2025-24139
alias/CVE-2025-24151
alias/CVE-2025-24138
alias/CVE-2024-44243
alias/CVE-2025-24176
alias/CVE-2025-24092
alias/CVE-2025-24154
alias/CVE-2025-24120
alias/CVE-2025-24156
agent/software-canonical-lookup
alias/CVE-2025-24169
alias/CVE-2025-24128
alias/CVE-2025-24113
alias/CVE-2025-24108
alias/CVE-2025-24152
alias/CVE-2025-24153
alias/CVE-2025-24107
alias/CVE-2025-24135
alias/CVE-2025-24145
alias/CVE-2025-24143
alias/CVE-2025-24158
alias/CVE-2025-24162
alias/CVE-2025-24150
alias/CVE-2025-24106
alias/CVE-2025-24085
alias/CVE-2025-24134
alias/CVE-2025-24140
alias/CVE-2025-24117
alias/CVE-2025-24101
alias/CVE-2025-24096
alias/CVE-2025-24122
alias/CVE-2025-24127
alias/CVE-2024-54509
alias/CVE-2025-24109
alias/CVE-2025-24114
alias/CVE-2025-24121
alias/CVE-2025-24100
alias/CVE-2025-24129
alias/CVE-2025-24131
alias/CVE-2025-24177
alias/CVE-2025-24137
alias/CVE-2025-24087
alias/CVE-2025-24112
agent/epss
agent/tags
collector/epss-latest
source/FIRST
agent/guess-ai
agent/software-canonical-lookup-request
agent/author
vendor/apple
canonical/apple macos
canonical/apple macos sequoia