Unrated severityNVD Advisory· Published Sep 22, 2025· Updated Sep 30, 2025
Airship AI Acropolis MFA insufficient rate limiting
CVE-2025-35041
Description
Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<10.2.35, <11.0.21, <11.1.9+ 1 more
- (no CPE)range: <10.2.35, <11.0.21, <11.1.9
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.