CVE-2025-35042
CRITICALDescription
Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| airship.ai | acropolis |
| airship.ai | acropolis |
| airship.ai | acropolis |
References
Frequently Asked Questions
What is CVE-2025-35042? +
How severe is CVE-2025-35042? +
What products are affected by CVE-2025-35042? +
How do I check if I'm vulnerable to CVE-2025-35042? +
Related Vulnerabilities
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might …
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are …
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with …
A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical …
NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created …
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.