Default Admin Account Vulnerability in Airship AI Products
CVE-2025-35042

9.3CRITICAL

Key Information:

Vendor: Airship Ai
Status: Acropolis
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-35042?

Airship AI Acropolis contains a significant security flaw due to the presence of a default administrative account with unchanged credentials across installations. If these default passwords are not altered, attackers can exploit this vulnerability to gain remote access and obtain administrative privileges. It is crucial to update to versions 10.2.35, 11.0.21, or 11.1.9 to mitigate this risk and ensure that password policy practices are enforced to enhance security.

Affected Version(s)

Acropolis 0 < 10.2.35

Acropolis 0 < 11.0.21

Acropolis 0 < 11.1.9

References

https://www.cve.org/CVERecord?id=CVE-2025-35042

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Zach Crosman, CISA

Airship Ai

What is CVE-2025-35042?

Affected Version(s)

References

CVSS V4

Timeline

Credit