CVE-2025-48042
Published: Sep 7, 2025
Modified: May 27, 2026
Description
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6. This issue affects ash: from pkg:hex/ash before pkg:hex/[email protected], before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.
| Vendor | Product | Versions |
|---|---|---|
ash-project | ash | affected 0 - < 3.5.39 |
ash-project | ash | affected 0 - < 5d1b6a5d00771fd468a509778637527b5218be9a |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now