CVE-2025-35042: CWE-1392 Use of Default Credentials in Airship AI Acropolis

Critical
Published: Mon Sep 22 2025 (09/22/2025, 15:57:03 UTC)
Source: CVE Database V5
Vendor/Project: Airship AI
Product: Acropolis

Description

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

AI-Powered Analysis

Last updated: 09/23/2025, 00:12:23 UTC

Technical Analysis

CVE-2025-35042 is a critical vulnerability in the Airship AI Acropolis platform, stemming from default administrative credentials that are identical across all installations. It is classified under CWE-1392 (Use of Default Credentials). The product ships with a default administrative account whose password is not unique per installation. If administrators do not change this default password, a remote attacker can log in with the default credentials, with no prior privileges or user interaction required, and obtain the full privileges of the administrative account, potentially leading to complete system compromise. The CVSS 4.0 base score of 9.3 reflects this: a network attack vector, ease of exploitation (no privileges or user interaction required), and high impact on confidentiality, integrity, and availability. The vulnerability affects all versions prior to the fixed releases 10.2.35, 11.0.21, and 11.1.9. Although no known exploits are currently reported in the wild, default credentials are a well-known and frequently exploited security weakness, making this vulnerability a significant risk if left unmitigated. The lack of segmentation or additional security controls around the default account further exacerbates the threat, enabling attackers to potentially pivot within affected environments once access is gained.

Potential Impact

For European organizations using Airship AI Acropolis, this vulnerability poses a severe risk. Because administrative access grants full control over the system, exploitation could lead to unauthorized data access, data manipulation, service disruption, and lateral movement within corporate networks. This could result in significant operational downtime, data breaches involving sensitive or personal data protected under GDPR, and reputational damage. The criticality is heightened for sectors relying heavily on AI infrastructure for decision-making, automation, or data processing, such as finance, healthcare, manufacturing, and government agencies. Additionally, because exploitation requires no prior privileges or user interaction, attackers can rapidly compromise vulnerable systems remotely, potentially leading to widespread incidents if multiple instances remain unpatched or retain default credentials. The absence of known exploits in the wild does not diminish the urgency, as automated scanning tools can easily identify default credentials, increasing the likelihood of opportunistic attacks. Furthermore, the compromise of AI infrastructure might also facilitate manipulation of AI outputs or models, leading to erroneous decisions or undermining trust in AI-driven processes.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Immediately verify whether any Airship AI Acropolis installations are running affected versions and check if default administrative credentials remain unchanged.
2) Enforce a mandatory password change policy for all default accounts during initial setup and periodically thereafter.
3) Upgrade all affected Airship AI Acropolis instances to the fixed versions 10.2.35, 11.0.21, or 11.1.9 as soon as possible to eliminate the vulnerability at the source.
4) Implement network-level access controls restricting administrative interface exposure only to trusted management networks or VPNs to reduce attack surface.
5) Employ multi-factor authentication (MFA) for administrative access if supported by the platform to add an additional security layer.
6) Conduct regular audits and automated scans to detect the presence of default or weak credentials across AI infrastructure.
7) Monitor logs and network traffic for unusual login attempts or access patterns indicative of exploitation attempts.
8) Educate system administrators and security teams about the risks of default credentials and the importance of secure credential management.

These steps go beyond generic advice by focusing on both immediate remediation and long-term security hygiene tailored to the specific vulnerability and product context.
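Steps 1 and 3 can be run as an inventory triage. The sketch below is an added example, not code from Airship AI or from this advisory: host names and inventory fields are constructed, and it assumes each fixed release applies to its own major.minor line and that an upgrade may leave an existing default password in place.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(10, 2): (10, 2, 35), (11, 0): (11, 0, 21), (11, 1): (11, 1, 9)}

def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints so 10.2.9 sorts below 10.2.35."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version):
    """True if the version is at or above the fixed release for its line."""
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version >= fixed
    # Assumption: lines with no listed fix are unpatched unless they are
    # newer than every fixed release in the advisory.
    return version > max(FIXED.values())

def triage(version_text, password_changed):
    """password_changed: True, False, or None when nobody has checked."""
    version = parse_version(version_text)
    if version is None:
        return "REVIEW"            # cannot tell; inspect by hand
    patched = is_patched(version)
    if not patched and password_changed is not True:
        return "EXPOSED"           # affected build, default password may be live
    if not patched:
        return "UPGRADE"           # password rotated, build still affected
    if password_changed is not True:
        return "VERIFY_PASSWORD"   # assumption: an upgrade may not rotate it
    return "OK"

# Constructed inventory: (host, reported version, default password changed?)
INVENTORY = [
    ("acropolis-a", "10.2.9", False),
    ("acropolis-b", "10.2.35", None),
    ("acropolis-c", "11.0.20", True),
    ("acropolis-d", "11.1.9", True),
    ("acropolis-e", "10.1.4", None),
    ("acropolis-f", "unknown", None),
]

def triage_inventory(inventory):
    return {host: triage(ver, changed) for host, ver, changed in inventory}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:12} {status}")
```

Versions are compared as integer tuples because a string comparison would rank 10.2.9 above 10.2.35 and report an affected build as fixed.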


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:56:24.405Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68d1e592efb46fd03052629a

Added to database: 9/23/2025, 12:10:58 AM

Last enriched: 9/23/2025, 12:12:23 AM

Last updated: 9/23/2025, 9:19:25 AM
