CVE-2025-48042

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48042

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48042.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-48042

Aliases

Published

2025-09-07T16:15:51.240Z

Modified

2025-11-16T16:31:26.067509Z

Severity

7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6.

This issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.

References

Affected packages

Git / github.com/ash-project/ash

Affected ranges

Type: GIT
Repo: https://github.com/ash-project/ash
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5d1b6a5d00771fd468a509778637527b5218be9a

Affected versions

3.*

3.0.3

3.4.56

v0.*

v0.1.1

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.9

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.13.1

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.13.4

v1.14.0

v1.15.0

v1.15.1

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.17.1

v1.18.0

v1.18.1

v1.19.0

v1.19.1

v1.2.0

v1.2.1

v1.20.0

v1.20.1

v1.22.0

v1.22.1

v1.23.0

v1.23.1

v1.23.2

v1.23.3

v1.24.0

v1.24.1

v1.24.2

v1.25.0

v1.25.1

v1.25.2

v1.25.3

v1.25.4

v1.25.5

v1.25.6

v1.25.7

v1.25.8

v1.26.0

v1.26.1

v1.26.10

v1.26.11

v1.26.12

v1.26.13

v1.26.2

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.0

v1.27.1

v1.28.0

v1.28.1

v1.29.0-rc0

v1.29.0-rc1

v1.3.0

v1.3.1

v1.30.0

v1.30.1

v1.30.2

v1.31.0

v1.31.1

v1.32.0

v1.32.1

v1.32.2

v1.33.0

v1.34.0

v1.34.1

v1.34.2

v1.34.3

v1.34.5

v1.34.6

v1.34.7

v1.34.8

v1.34.9

v1.35.0

v1.35.1

v1.36.0

v1.36.1

v1.36.10

v1.36.11

v1.36.12

v1.36.13

v1.36.14

v1.36.15

v1.36.16

v1.36.17

v1.36.18

v1.36.19

v1.36.2

v1.36.21

v1.36.22

v1.36.3

v1.36.4

v1.36.5

v1.36.6

v1.36.7

v1.36.8

v1.36.9

v1.37.0

v1.37.2

v1.39.0

v1.39.1

v1.39.2

v1.39.3

v1.39.4

v1.39.5

v1.39.6

v1.39.7

v1.4.0

v1.4.1

v1.41.0

v1.41.1

v1.41.10

v1.41.11

v1.41.12

v1.41.2

v1.41.3

v1.41.4

v1.41.5

v1.41.6

v1.41.7

v1.41.8

v1.41.9

v1.42.0

v1.43.0

v1.43.1

v1.43.10

v1.43.11

v1.43.12

v1.43.2

v1.43.3

v1.43.4

v1.43.5

v1.43.6

v1.43.7

v1.43.8

v1.43.9

v1.44.0

v1.44.1

v1.44.10

v1.44.11

v1.44.12

v1.44.13

v1.44.2

v1.44.3

v1.44.4

v1.44.5

v1.44.6

v1.44.7

v1.44.8

v1.44.9

v1.45.0-rc0

v1.45.0-rc1

v1.45.0-rc10

v1.45.0-rc11

v1.45.0-rc12

v1.45.0-rc13

v1.45.0-rc14

v1.45.0-rc15

v1.45.0-rc16

v1.45.0-rc17

v1.45.0-rc18

v1.45.0-rc19

v1.45.0-rc2

v1.45.0-rc20

v1.45.0-rc3

v1.45.0-rc4

v1.45.0-rc5

v1.45.0-rc6

v1.45.0-rc7

v1.45.0-rc8

v1.45.0-rc9

v1.46.0

v1.46.1

v1.46.10

v1.46.11

v1.46.12

v1.46.13

v1.46.2

v1.46.3

v1.46.4

v1.46.5

v1.46.6

v1.46.7

v1.46.8

v1.46.9

v1.47.0

v1.47.1

v1.47.10

v1.47.11

v1.47.12

v1.47.2

v1.47.3

v1.47.4

v1.47.5

v1.47.6

v1.47.7

v1.47.8

v1.47.9

v1.48.0-rc.0

v1.48.0-rc.1

v1.48.0-rc.10

v1.48.0-rc.11

v1.48.0-rc.12

v1.48.0-rc.13

v1.48.0-rc.14

v1.48.0-rc.15

v1.48.0-rc.16

v1.48.0-rc.17

v1.48.0-rc.18

v1.48.0-rc.19

v1.48.0-rc.2

v1.48.0-rc.20

v1.48.0-rc.21

v1.48.0-rc.22

v1.48.0-rc.23

v1.48.0-rc.24

v1.48.0-rc.25

v1.48.0-rc.26

v1.48.0-rc.27

v1.48.0-rc.28

v1.48.0-rc.29

v1.48.0-rc.3

v1.48.0-rc.30

v1.48.0-rc.4

v1.48.0-rc.5

v1.48.0-rc.6

v1.48.0-rc.8

v1.48.0-rc.9

v1.49.0

v1.5.0

v1.5.1

v1.50.0

v1.50.1

v1.50.10

v1.50.11

v1.50.12

v1.50.13

v1.50.14

v1.50.15

v1.50.16

v1.50.17

v1.50.18

v1.50.19

v1.50.2

v1.50.20

v1.50.21

v1.50.3

v1.50.4

v1.50.5

v1.50.6

v1.50.7

v1.50.8

v1.50.9

v1.51.0

v1.51.1

v1.51.2

v1.52.0-rc.0

v1.52.0-rc.1

v1.52.0-rc.10

v1.52.0-rc.11

v1.52.0-rc.12

v1.52.0-rc.13

v1.52.0-rc.14

v1.52.0-rc.15

v1.52.0-rc.16

v1.52.0-rc.17

v1.52.0-rc.18

v1.52.0-rc.19

v1.52.0-rc.2

v1.52.0-rc.20

v1.52.0-rc.21

v1.52.0-rc.22

v1.52.0-rc.3

v1.52.0-rc.4

v1.52.0-rc.5

v1.52.0-rc.6

v1.52.0-rc.7

v1.52.0-rc.8

v1.52.0-rc.9

v1.53.0

v1.53.1

v1.53.2

v1.53.3

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.7.0

v1.8.0

v1.9.0

v2.*

v2.0.0

v2.0.0-rc.0

v2.0.0-rc.1

v2.0.0-rc.10

v2.0.0-rc.11

v2.0.0-rc.12

v2.0.0-rc.13

v2.0.0-rc.14

v2.0.0-rc.15

v2.0.0-rc.2

v2.0.0-rc.3

v2.0.0-rc.4

v2.0.0-rc.5

v2.0.0-rc.6

v2.0.0-rc.7

v2.0.0-rc.8

v2.0.0-rc.9

v2.1.0

v2.10.0

v2.10.1

v2.10.2

v2.11.0

v2.11.0-rc.0

v2.11.0-rc.1

v2.11.0-rc.2

v2.11.0-rc.3

v2.11.1

v2.11.10

v2.11.11

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.11.9

v2.12.0

v2.12.1

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.14.0

v2.14.1

v2.14.10

v2.14.11

v2.14.12

v2.14.13

v2.14.14

v2.14.15

v2.14.16

v2.14.17

v2.14.18

v2.14.19

v2.14.2

v2.14.20

v2.14.21

v2.14.3

v2.14.4

v2.14.5

v2.14.6

v2.14.7

v2.14.8

v2.14.9

v2.15.0

v2.15.1

v2.15.10

v2.15.11

v2.15.12

v2.15.13

v2.15.14

v2.15.15

v2.15.16

v2.15.17

v2.15.18

v2.15.19

v2.15.2

v2.15.20

v2.15.3

v2.15.4

v2.15.5

v2.15.6

v2.15.7

v2.15.8

v2.15.9

v2.16.0

v2.16.1

v2.17.0

v2.17.1

v2.17.10

v2.17.11

v2.17.12

v2.17.13

v2.17.14

v2.17.15

v2.17.16

v2.17.17

v2.17.18

v2.17.19

v2.17.2

v2.17.20

v2.17.21

v2.17.22

v2.17.23

v2.17.24

v2.17.3

v2.17.4

v2.17.5

v2.17.6

v2.17.7

v2.17.8

v2.17.9

v2.18.0

v2.18.1

v2.18.2

v2.19.0

v2.19.1

v2.19.10

v2.19.11

v2.19.12

v2.19.13

v2.19.14

v2.19.2

v2.19.3

v2.19.4

v2.19.5

v2.19.6

v2.19.7

v2.19.8

v2.19.9

v2.2.0

v2.20.0

v2.20.1

v2.20.2

v2.20.3

v2.21.0

v2.21.1

v2.21.2

v2.3.0

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.12

v2.4.13

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.19

v2.4.2

v2.4.20

v2.4.21

v2.4.22

v2.4.23

v2.4.24

v2.4.25

v2.4.26

v2.4.27

v2.4.28

v2.4.29

v2.4.3

v2.4.30

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5.0

v2.5.0-rc.0

v2.5.0-rc.1

v2.5.0-rc.2

v2.5.0-rc.3

v2.5.0-rc.4

v2.5.0-rc.5

v2.5.0-rc.6

v2.5.1

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.14

v2.5.15

v2.5.16

v2.5.2

v2.5.4

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.13

v2.6.14

v2.6.15

v2.6.16

v2.6.17

v2.6.18

v2.6.19

v2.6.2

v2.6.20

v2.6.21

v2.6.22

v2.6.23

v2.6.24

v2.6.25

v2.6.26

v2.6.27

v2.6.29

v2.6.3

v2.6.30

v2.6.31

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.9.0

v2.9.1

v2.9.10

v2.9.11

v2.9.12

v2.9.13

v2.9.14

v2.9.15

v2.9.16

v2.9.17

v2.9.18

v2.9.19

v2.9.2

v2.9.20

v2.9.21

v2.9.22

v2.9.23

v2.9.24

v2.9.25

v2.9.26

v2.9.27

v2.9.28

v2.9.29

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0.0-rc.0

v3.0.0-rc.1

v3.0.0-rc.10

v3.0.0-rc.11

v3.0.0-rc.12

v3.0.0-rc.13

v3.0.0-rc.14

v3.0.0-rc.15

v3.0.0-rc.16

v3.0.0-rc.17

v3.0.0-rc.18

v3.0.0-rc.19

v3.0.0-rc.2

v3.0.0-rc.20

v3.0.0-rc.21

v3.0.0-rc.22

v3.0.0-rc.23

v3.0.0-rc.24

v3.0.0-rc.25

v3.0.0-rc.26

v3.0.0-rc.27

v3.0.0-rc.29

v3.0.0-rc.3

v3.0.0-rc.30

v3.0.0-rc.31

v3.0.0-rc.32

v3.0.0-rc.33

v3.0.0-rc.34

v3.0.0-rc.35

v3.0.0-rc.36

v3.0.0-rc.37

v3.0.0-rc.38

v3.0.0-rc.4

v3.0.0-rc.40

v3.0.0-rc.41

v3.0.0-rc.42

v3.0.0-rc.43

v3.0.0-rc.44

v3.0.0-rc.45

v3.0.0-rc.46

v3.0.0-rc.5

v3.0.0-rc.6

v3.0.0-rc.7

v3.0.0-rc.8

v3.0.0-rc.9

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.1

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.1

v3.4.10

v3.4.11

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.4.16

v3.4.17

v3.4.18

v3.4.19

v3.4.2

v3.4.20

v3.4.21

v3.4.23

v3.4.24

v3.4.25

v3.4.26

v3.4.27

v3.4.28

v3.4.29

v3.4.3

v3.4.30

v3.4.31

v3.4.32

v3.4.33

v3.4.34

v3.4.35

v3.4.36

v3.4.37

v3.4.38

v3.4.39

v3.4.4

v3.4.40

v3.4.41

v3.4.42

v3.4.43

v3.4.44

v3.4.45

v3.4.46

v3.4.47

v3.4.48

v3.4.5

v3.4.50

v3.4.51

v3.4.53

v3.4.54

v3.4.55

v3.4.56

v3.4.57

v3.4.58

v3.4.59

v3.4.6

v3.4.61

v3.4.62

v3.4.63

v3.4.64

v3.4.65

v3.4.66

v3.4.67

v3.4.68

v3.4.69

v3.4.7

v3.4.70

v3.4.71

v3.4.72

v3.4.73

v3.4.8

v3.4.9

v3.5.1

v3.5.10

v3.5.11

v3.5.12

v3.5.13

v3.5.14

v3.5.15

v3.5.16

v3.5.17

v3.5.18

v3.5.19

v3.5.2

v3.5.21

v3.5.22

v3.5.23

v3.5.24

v3.5.25

v3.5.26

v3.5.27

v3.5.28

v3.5.29

v3.5.3

v3.5.30

v3.5.31

v3.5.32

v3.5.33

v3.5.35

v3.5.36

v3.5.37

v3.5.38

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48042.json"