CVE-2025-48042 | ash up to 3.5.38 bulk.ex authorization (GHSA-jj4j-x5ww-cwh9 / EUVD-2025-27096)

A vulnerability, which was classified as problematic, has been found in ash up to 3.5.38. Affected by this vulnerability is an unknown functionality in the library lib/ash/actions/create/bulk.ex. Performing manipulation results in incorrect authorization.

This vulnerability is reported as CVE-2025-48042. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More