CVE-2025-35041
📋 TL;DR
Airship AI Acropolis has a vulnerability that allows unlimited MFA code attempts for 15 minutes after successful login. Attackers with valid credentials can brute-force the 6-digit MFA code to gain unauthorized access. This affects all Airship AI Acropolis users running vulnerable versions.
💻 Affected Systems
- Airship AI Acropolis
📦 What is this software?
Acropolis by Airship.ai
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover leading to data theft, system compromise, and lateral movement within the network.
Likely Case
Unauthorized access to individual user accounts, potentially exposing sensitive data and system functionality.
If Mitigated
Limited impact with proper MFA policies, account lockouts, and network segmentation in place.
🎯 Exploit Status
Exploitation requires valid credentials but is trivial once obtained; brute-forcing 6-digit codes is computationally easy.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.2.35, 11.0.21, or 11.1.9
Vendor Advisory: https://www.cve.org/CVERecord?id=CVE-2025-35041
Restart Required: Yes
Instructions:
1. Identify the current Airship AI Acropolis version.
2. Download the appropriate patch (10.2.35, 11.0.21, or 11.1.9).
3. Apply the patch following vendor documentation.
4. Restart services.
5. Verify that MFA rate limiting is now enforced.
🔧 Temporary Workarounds
Implement MFA attempt rate limiting
Configure an external WAF or proxy to limit MFA attempts per user session
# WAF/proxy specific configuration required
Reduce MFA validity window
Shorten the MFA code validity period to reduce the attack window
# Configuration depends on specific deployment
🧯 If You Can't Patch
- Implement network segmentation to isolate Airship AI Acropolis from untrusted networks
- Enforce strong password policies and monitor for credential compromise
🔍 How to Verify
Check if Vulnerable:
Test MFA functionality: after a successful login, attempt multiple incorrect MFA codes within 15 minutes. If unlimited attempts are allowed, the system is vulnerable.
Check Version:
# Check Airship AI Acropolis version via admin interface or configuration files
Verify Fix Applied:
After patching, repeat the MFA test: the system should block further attempts after the configured threshold (typically 3-5 attempts).
📡 Detection & Monitoring
Log Indicators:
- Multiple failed MFA attempts from same user within short timeframe
- Successful login followed by rapid MFA failures
Network Indicators:
- Unusual pattern of authentication requests to MFA endpoint
- High volume of POST requests to /auth/mfa endpoint
SIEM Query:
source="airship" AND (event_type="mfa_failure" AND count > 5 within 15m)
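The log indicators above, turned into a small sliding-window detector over constructed sample events. This is an added example, not Airship AI code; the log line format, the event names (`login_success`, `mfa_failure`, `mfa_success`) and the 5-in-15-minutes threshold are assumptions taken from the SIEM query.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # the unlimited-attempt window from the advisory
THRESHOLD = 5                   # failures inside the window that trigger an alert
# Constructed sample log (assumed format, not real Acropolis output):
# "<ISO timestamp> user=<name> event=<login_success|mfa_failure|mfa_success>"
SAMPLE_LOG = """\
2025-06-01T09:00:00 user=carol event=login_success
2025-06-01T09:00:30 user=carol event=mfa_failure
2025-06-01T10:00:00 user=alice event=login_success
2025-06-01T10:00:05 user=alice event=mfa_failure
2025-06-01T10:00:09 user=alice event=mfa_failure
2025-06-01T10:00:13 user=alice event=mfa_failure
2025-06-01T10:00:17 user=alice event=mfa_failure
2025-06-01T10:00:21 user=alice event=mfa_failure
2025-06-01T10:00:30 user=carol event=mfa_failure
2025-06-01T10:01:00 user=bob event=login_success
2025-06-01T10:01:10 user=bob event=mfa_failure
2025-06-01T10:01:20 user=bob event=mfa_success
"""

def parse_line(line):
    """Split one log line into (timestamp, user, event)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["event"]

def detect_mfa_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Alert per user on >= threshold mfa_failure events inside a sliding window.
    Returns {user: {"at": ISO time, "count": failures, "secs_after_login": float|None}}."""
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    last_login = {}                # user -> timestamp of last password login
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = parse_line(line)
        if event == "login_success":
            last_login[user] = ts
            failures[user].clear()  # a fresh post-login window starts here
        elif event == "mfa_failure":
            q = failures[user]
            q.append(ts)
            while ts - q[0] > window:  # discard failures older than the window
                q.popleft()
            if len(q) >= threshold and user not in alerts:
                since = (ts - last_login[user]).total_seconds() if user in last_login else None
                alerts[user] = {"at": ts.isoformat(), "count": len(q), "secs_after_login": since}
    return alerts
```

Only alice trips the detector: her five failures land within 21 seconds of a password login, while carol's two failures are an hour apart and bob succeeds on his second code.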