Home

Description

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-22 | Updated 2025-09-30 | Assigner cisa-cg




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1392 Use of Default Credentials

Product status

Default status
unknown

Any version before 10.2.35
affected

Any version before 11.0.21
affected

Any version before 11.1.9
affected

10.2.35
unaffected

11.0.21
unaffected

11.1.9
unaffected

Credits

Zach Crosman, CISA

References

www.cve.org/CVERecord?id=CVE-2025-35042 (url)

raw.githubusercontent.com/...IT/white/2025/va-25-265-01.json (url)

cve.org (CVE-2025-35042)

nvd.nist.gov (CVE-2025-35042)

Download JSON