This page aggregates publicly disclosed CVE and security risk information related to airship.ai, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-35042 | Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.3 | 0.16% | 2025-09-22 | 2025-12-19 |
| CVE-2025-35041 | Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9. | 9119a7d8-5eab-497f-8521-727c672e3725 | 7.7 | 0.10% | 2025-09-22 | 2025-12-19 |