Ash · Ash · CVE-2025-48044
**Name of the Vulnerable Software and Affected Versions**
ash versions 3.6.3 through 3.7.1
**Description**
An incorrect authorization issue exists in ash, potentially allowing authentication bypass. The issue is associated with the `lib/ash/policy/policy.ex` file and the `Elixir.Ash.Policy.Policy`:expression/2 function.
**Recommendations**
Update to ash version 3.7.1.