PT-2025-25213 · Hashicorp+1 · Nomad+1
Published: 2025-06-11 · Updated: 2025-12-22
CVE-2025-4922
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Hashicorp Nomad versions prior to 1.10.2
Hashicorp Nomad versions prior to 1.9.10
Hashicorp Nomad versions prior to 1.8.14
Description
The issue is related to prefix-based ACL policy lookup in Nomad Community and Nomad Enterprise, which can lead to incorrect rule application and shadowing.
Recommendations
For versions prior to 1.10.2, update to Nomad Community Edition 1.10.2 or later.
For versions prior to 1.9.10, update to Nomad Enterprise 1.9.10 or later.
For versions prior to 1.8.14, update to Nomad Enterprise 1.8.14 or later.
Fix
LPE
Incorrect Privilege Assignment
Affected Products
Nomad
Red Os