Vulnerability Details CVE-2025-35041
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.8%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-35041
-
cpe:2.3:a:airship.ai:acropolis:*
-
cpe:2.3:a:airship.ai:acropolis:11.0.0
-
cpe:2.3:a:airship.ai:acropolis:11.1.0