PT-2025-41572 · Ash · Ash
Jonatan Männchen
+2
·
Published
2025-10-10
·
Updated
2025-10-15
·
CVE-2025-48043
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
ash versions prior to 3.6.2
Description
An incorrect authorization issue exists in ash-project ash, allowing authentication bypass. The issue is associated with the program files
lib/ash/policy/authorizer/authorizer.ex and the Elixir.Ash.Policy.Authorizer:strict filters/2 routine.Recommendations
Upgrade to version 3.6.2 to address the issue.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ash