CVE-2025-0937
published 2025-02-12

CVE-2025-0937: Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

Priority: P3 (38) | Severity: high | Score: 7.1 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:L / A:N
EPSS: 0.41% (32.9th percentile)

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | nomad | >= 1.0.0 < 1.7.18 | 1.7.18 |
| hashicorp | nomad | >= 1.0.0 < 1.9.6 | 1.9.6 |
| hashicorp | nomad | >= 1.8.0 < 1.8.10 | 1.8.10 |
| hashicorp | nomad | >= 1.9.0 < 1.9.6 | 1.9.6 |
| hashicorp | nomad_enterprise | >= 1.0.0 < 1.9.6 | 1.9.6 |

CVSS provenance

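| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| osv | | 7.1 | HIGH | |
| vendor_redhat | | 7.1 | HIGH | |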