Privilege escalation in Team-alembic Ash_authentication

CVE-2025-25202

Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manuall…

Vulnerability class: Privilege Escalation

EPSS: 0.003 (20.3th percentile) — read the EPSS interpretation.

Affected products

Team-alembic Ash_authentication — versions >= 4.1.0, < 4.4.9

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-qrm9-f75w-hg4c (x_refsource_CONFIRM)
https://github.com/team-alembic/ash_authentication/commit/2dee55252df26fe3d990ff1199397cdcf1bfea8a (x_refsource_MISC)