Auth bypass in Ash-project Ash

CVE-2025-48043

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_f…

Vulnerability class: Broken Access Control

EPSS: 0.001 (30.3th percentile) — read the EPSS interpretation.

Affected products

Ash-project Ash — versions 0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

github.com/ash-project/ash/security/advisories/GHSA-7r7f-9xpj-jmr7 (vendor-advisory, related)
cna.erlef.org/cves/CVE-2025-48043.html (related)
osv.dev/vulnerability/EEF-CVE-2025-48043 (related)
github.com/ash-project/ash/commit/66d81300065b970da0d2f4528354835d2418c7ae (patch)