216.73.216.215

CVE-2025-35041

· Published 22/09/2025 16:15 · Modified 22/09/2025 21:22

Labels: CVE-2025-35041 2025-09-229119a7d8-5eab-497f-8521-727c672e3725CVE-2025-35041CWE-307

Essential information

Published
22/09/2025 16:15
Modified
22/09/2025 21:22
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
airship / ai acropolis cpe:2.3:a:airship:ai_acropolis:10.2.35:*:*:*:*:*:*:*
airship / ai acropolis cpe:2.3:a:airship:ai_acropolis:11.0.21:*:*:*:*:*:*:*
airship / ai acropolis cpe:2.3:a:airship:ai_acropolis:11.1.9:*:*:*:*:*:*:*

References