CVE-2025-35042: CWE-1392 Use of Default Credentials in Airship AI Acropolis
Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.
AI Analysis
Technical Summary
CVE-2025-35042 is a critical vulnerability in the Airship AI Acropolis platform, caused by a default administrative account whose credentials are identical across all installations. It is classified as CWE-1392 (Use of Default Credentials). The product ships with a preset administrative username and password that is not unique per deployment. If administrators do not change these default credentials, a remote attacker can log in with them and gain administrative access without any prior privileges or user interaction. A successful login gives the attacker the privileges of that account, potentially leading to complete control over the Airship AI Acropolis instance. The CVSS 4.0 score of 9.3 reflects the critical nature of this flaw: it is easy to exploit (network attack vector, no privileges or user interaction required) and has a high impact on confidentiality, integrity, and availability. The issue is fixed in versions 10.2.35, 11.0.21, and 11.1.9; versions prior to these releases remain vulnerable. No known exploits are currently reported in the wild, but the simplicity of exploitation and the severity of impact make this a high-risk vulnerability requiring immediate attention. The lack of unique credentials per installation represents a significant security oversight in the product's deployment model.
Potential Impact
For European organizations using Airship AI Acropolis, this vulnerability poses a severe risk. Unauthorized administrative access can lead to full system compromise, including data theft, manipulation, or destruction, disruption of AI-driven operations, and potential lateral movement within the network. Given that Airship AI Acropolis may be used in critical AI infrastructure or data processing environments, exploitation could undermine business continuity, intellectual property security, and regulatory compliance (e.g., GDPR). The ability for remote attackers to gain privileged access without authentication increases the risk of widespread attacks, especially in sectors relying heavily on AI technologies such as finance, manufacturing, healthcare, and government agencies. The vulnerability could also be leveraged for espionage or sabotage, particularly in organizations involved in sensitive or strategic AI research and development. The absence of known exploits in the wild does not diminish the urgency, as the vulnerability’s characteristics make it an attractive target for attackers seeking to exploit default credentials.
Mitigation Recommendations
European organizations should immediately verify whether their Airship AI Acropolis deployments are running vulnerable versions prior to 10.2.35, 11.0.21, or 11.1.9. The primary mitigation is to upgrade to one of the fixed versions as soon as possible. Until upgrades are applied, organizations must change the default administrative credentials to strong, unique passwords to prevent unauthorized access. Network-level controls should be implemented to restrict access to the management interfaces of Airship AI Acropolis instances, ideally limiting connections to trusted IP addresses or VPNs. Monitoring and logging should be enhanced to detect any unauthorized login attempts or suspicious activities related to administrative accounts. Additionally, organizations should conduct thorough audits of user accounts and permissions within the platform to ensure no default or weak credentials remain. Implementing multi-factor authentication (MFA) for administrative access, if supported by the product, would further reduce risk. Finally, organizations should review and update their incident response plans to include scenarios involving compromise of AI infrastructure components.
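The version check and the per-host follow-up steps described above can be run over an asset inventory. The script below is an added example, not code from Airship AI or from this advisory. The hostnames, the inventory fields, the three-part version format, and the rule that a branch newer than 11.1 already carries the fix are all assumptions.

```python
# Added example: triage an inventory against the fixed releases in the advisory.
# Fixed releases come from the advisory; everything else here is an assumption.
FIXED = {(10, 2): (10, 2, 35), (11, 0): (11, 0, 21), (11, 1): (11, 1, 9)}

def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed version."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unknown"
    branch = v[:2]
    if branch in FIXED:
        return "fixed" if v >= FIXED[branch] else "vulnerable"
    if v < min(FIXED.values()):
        return "vulnerable"  # older than every fixed release
    if v > max(FIXED.values()):
        return "fixed"  # assumption: branches after 11.1 include the fix
    return "unknown"  # e.g. 10.3.x sits between fixed branches: confirm with vendor

def triage(inventory):
    """Map each host to (status, mitigation steps from the advisory still open)."""
    report = {}
    for host in inventory:
        status = classify(host["version"])
        actions = []
        if status != "fixed":
            actions.append("upgrade" if status == "vulnerable" else "verify version")
        if not host["default_password_changed"]:
            actions.append("change default admin password")
        if not host["mgmt_restricted"]:
            actions.append("restrict management interface")
        report[host["name"]] = (status, actions)
    return report

# Constructed sample inventory (hypothetical hosts, not real deployments).
INVENTORY = [
    {"name": "acropolis-a.example", "version": "10.2.34", "default_password_changed": False, "mgmt_restricted": False},
    {"name": "acropolis-b.example", "version": "11.0.21", "default_password_changed": True, "mgmt_restricted": True},
    {"name": "acropolis-c.example", "version": "10.3.0", "default_password_changed": True, "mgmt_restricted": False},
]

if __name__ == "__main__":
    for name, (status, actions) in triage(INVENTORY).items():
        print(f"{name}: {status}; open actions: {', '.join(actions) or 'none'}")
```

Hosts reported as "unknown" are deliberately not treated as safe: the advisory names only three fixed releases, so any version outside those branches needs confirmation before it is closed out.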
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.405Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d1e592efb46fd03052629a
Added to database: 9/23/2025, 12:10:58 AM
Last enriched: 10/1/2025, 12:15:56 AM
Last updated: 11/7/2025, 2:57:15 PM