High severityNVD Advisory· Published Jun 11, 2025· Updated Jun 11, 2025
Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job
CVE-2025-4922
Description
Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/nomadGo | < 1.10.2 | 1.10.2 |
Affected products
4- ghsa-coords2 versionspkg:golang/github.com/hashicorp/nomadpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 1.10.2+ 1 more
- (no CPE)range: < 1.10.2
- (no CPE)range: < 0.0.20250730T213748-1.1
- Range: 1.4.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.