CVE-2025-25202: Ash Authentication Revoked Token Bypass
greprules fetch cve-2025-25202-ash-authentication-revoked-token-bypass --engine opengrep

Description
The configured token revocation action for AshAuthentication lacks a `:boolean` return type or explicitly disallows missing inputs with `allow_nil?: false`. This flawed action configuration fails to process token input gracefully, allowing revoked tokens to evade revocation checks and continue authenticating users. To fix this, specify `:boolean` as the retu