CVE-2025-35042
Published: 22 September 2025
Summary
CVE-2025-35042 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability in Airship.Ai Acropolis. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 37.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Explicitly requires changing default authenticators prior to first use, directly preventing remote exploitation of the unchanged default administrative credentials.
Mandates procedures for managing system accounts, including modifying or disabling default administrative accounts to prevent unauthorized access.
Requires timely remediation of flaws through patching, directly addressing the vendor fix for this default credentials vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-35042 default administrative credentials enable T1078.001 (Default Accounts) for remote unauthorized access. CVE-2025-35041 insufficient MFA rate limiting enables T1110 (Brute Force) by allowing unlimited attempts to guess 6-digit MFA codes after valid primary credentials.
NVD Description
Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of…
more
this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.
Deeper analysisAI
CVE-2025-35042 is a critical authentication vulnerability in Airship AI Acropolis, stemming from a default administrative account that employs identical credentials across all installations. Affected instances are those where the default password remains unchanged, enabling unauthorized access equivalent to administrative privileges. The issue, classified under CWE-1392, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe potential impact.
Any remote attacker can exploit this vulnerability without prior authentication or user interaction by simply using the known default credentials to log in over the network. Successful exploitation grants the attacker full privileges of the administrative account, allowing complete control over the affected Airship AI Acropolis instance, including potential data exfiltration, modification, or disruption.
Mitigation requires updating to patched versions 10.2.35, 11.0.21, or 11.1.9, or manually changing the default administrative password on unpatched systems. Detailed advisories are available from CISA at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-265-01.json and the official CVE record at https://www.cve.org/CVERecord?id=CVE-2025-35042.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Airship AI Acropolis is an AI-powered enterprise platform for video and data management in physical security applications, which aligns with Other Platforms as it is not a framework, library, or specific AI sub-domain like NLP or Computer Vision libraries.