CVE-2025-35042 CRITICAL

CVE-2025-35042: Airship AI Acropolis default credentials

Vendor Airship Ai
Product Acropolis
Weakness CWE-1392
Published September 22, 2025
Last update September 30, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

Key dates

02Disclosure timeline

September 22, 2025 CVE published
September 30, 2025 Record updated