CVE-2025-0937

Summary

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

Affected Software

VendorProductVersion RangeStatus
HashiCorpNomad1.0.0 < 1.9.6affected
HashiCorpNomad Enterprise1.0.0 < 1.9.6affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References