CVE-2025-35042

9.8 CRITICAL

📋 TL;DR

Airship AI Acropolis uses a default administrative account with identical hardcoded credentials across all installations. Attackers can remotely log in using these credentials to gain administrative privileges on vulnerable systems. This affects all Airship AI Acropolis instances where the default account password has not been changed.

💻 Affected Systems

Products:
  • Airship AI Acropolis
Versions: All versions before 10.2.35, 11.0.21, and 11.1.9
Operating Systems: Any OS running Airship AI Acropolis
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable unless the administrative account password has been changed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access, modify, or delete sensitive data, deploy malware, pivot to other systems, and disrupt operations.

🟠 Likely Case

Unauthorized administrative access leading to data theft, configuration changes, and potential lateral movement within the network.

🟢 If Mitigated

No impact if default credentials are changed or systems are patched and properly segmented.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this directly, without prior authentication.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to attackers who obtain the default credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the default credentials, which are identical across installations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.2.35, 11.0.21, or 11.1.9

Vendor Advisory: https://www.cve.org/CVERecord?id=CVE-2025-35042

Restart Required: Yes

Instructions:

1. Identify your current Airship AI Acropolis version.
2. Upgrade to version 10.2.35, 11.0.21, or 11.1.9 depending on your release track.
3. Restart the application.
4. Verify the default administrative account password has been changed or removed.

🔧 Temporary Workarounds

Change Default Administrative Password

all

Immediately change the password for the default administrative account to a strong, unique password.

Use the Airship AI Acropolis administrative interface to change the default account password

Network Segmentation

all

Restrict network access to Airship AI Acropolis instances using firewalls or network policies.

Configure firewall rules to limit access to trusted IP addresses only

🧯 If You Can't Patch

  • Immediately change the default administrative account password to a strong, unique value
  • Isolate affected systems from internet access and implement strict network segmentation

🔍 How to Verify

Check if Vulnerable:

Attempt to log in to the Airship AI Acropolis administrative interface using the default credentials (specific credentials not disclosed here).

Check Version:

Check the Airship AI Acropolis administrative interface or documentation for version information

Verify Fix Applied:

Verify you cannot log in with default credentials and confirm the system is running version 10.2.35, 11.0.21, or 11.1.9.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login from unexpected IP addresses
  • Administrative actions performed from unfamiliar locations or at unusual times

Network Indicators:

  • Inbound connections to administrative ports from suspicious IP ranges
  • Unusual outbound connections from the Airship AI system

SIEM Query:

source="airship_logs" AND ((event_type="login_success" AND user="admin") OR (event_type="admin_action" AND src_ip NOT IN trusted_ips))
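
The log indicators above, written as detection logic over parsed events. This is an added example, not vendor or page code: the field names follow the SIEM query on this page, while the `login_failure` event type, the trusted range, the thresholds and all sample events are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumptions (not from the page): trusted range, window, threshold, the
# "login_failure" event type, and "admin" as the default account's name.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WINDOW = timedelta(minutes=10)
FAIL_THRESHOLD = 3
ADMIN_USER = "admin"

# Constructed sample events, not real Acropolis log output.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T02:11:00", "event_type": "login_failure", "user": "admin", "src_ip": "203.0.113.7"},
    {"ts": "2025-01-10T02:11:20", "event_type": "login_failure", "user": "admin", "src_ip": "203.0.113.7"},
    {"ts": "2025-01-10T02:11:40", "event_type": "login_failure", "user": "admin", "src_ip": "203.0.113.7"},
    {"ts": "2025-01-10T02:12:05", "event_type": "login_success", "user": "admin", "src_ip": "203.0.113.7"},
    {"ts": "2025-01-10T03:00:00", "event_type": "login_success", "user": "admin", "src_ip": "198.51.100.9"},
    {"ts": "2025-01-10T03:01:00", "event_type": "admin_action", "user": "admin", "src_ip": "198.51.100.9"},
    {"ts": "2025-01-10T09:00:00", "event_type": "login_success", "user": "admin", "src_ip": "10.20.0.15"},
]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def detect(events):
    """Return (timestamp, src_ip, reason) tuples for suspicious admin activity."""
    alerts, failures = [], {}  # failures: (src_ip, user) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["src_ip"], ev["user"])
        trusted = is_trusted(ev["src_ip"])
        if ev["event_type"] == "login_failure":
            failures.setdefault(key, []).append(ts)
        elif ev["event_type"] == "login_success":
            recent = [t for t in failures.pop(key, []) if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((ev["ts"], ev["src_ip"], "success_after_failures"))
            # A default-credential login succeeds on the first try, so a clean
            # success from an untrusted address must alert on its own.
            elif ev["user"] == ADMIN_USER and not trusted:
                alerts.append((ev["ts"], ev["src_ip"], "admin_login_untrusted_ip"))
        elif ev["event_type"] == "admin_action" and not trusted:
            alerts.append((ev["ts"], ev["src_ip"], "admin_action_untrusted_ip"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because the default credentials work on the first attempt, the failed-then-successful pattern alone will miss this issue; the untrusted-source rules are the ones that matter for this CVE.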
