CVE-2025-48043 | ash up to 3.6.1 authorizer.ex Elixir.Ash.Policy.Authorizer authorization (GHSA-7r7f-9xpj-jmr7)

Inserito da Angelo Barbosa | Ott 11, 2025 | CVE

A vulnerability was found in ash up to 3.6.1. It has been classified as critical. This issue affects the function Elixir.Ash.Policy.Authorizer in the library lib/ash/policy/authorizer/authorizer.ex. Performing manipulation results in incorrect authorization.

This vulnerability is cataloged as CVE-2025-48043. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2025-48043 | ash up to 3.6.1 authorizer.ex Elixir.Ash.Policy.Authorizer authorization (GHSA-7r7f-9xpj-jmr7)

Post correlati

CVE-2024-6758 | Sprecher Automation SPRECON-E 3.43 privileges management

CVE-2024-12041 | wpwax Directorist Plugin up to 8.0.12 on WordPress users exposure of private personal information to an unauthorized actor

CVE-2024-53270 | Envoy up to 1.29.11/1.30.8/1.31.4/1.32.2 sendOverloadError control flow (GHSA-q9qv-8j52-77p3)

CVE-2025-0615 | Qualifio Wheel of fortune path traversal