VYPR
Unrated severityNVD Advisory· Published Sep 22, 2025· Updated Sep 30, 2025

Airship AI Acropolis MFA insufficient rate limiting

CVE-2025-35041

Description

Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the 6-digit MFA code. Fixed in 10.2.35, 11.0.21, and 11.1.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Airship AI/Acropolisllm-create2 versions
    <10.2.35, <11.0.21, <11.1.9+ 1 more
    • (no CPE)range: <10.2.35, <11.0.21, <11.1.9
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.