How to fix CVE-2025-0937?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Nomad affected by CVE-2025-0937?

CVE-2025-0937 presents moderate security risk, a incorrect authorization vulnerability rated CVSS 7.1. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-0937

HIGH

2025-02-12 [email protected]

Authentication Bypass Nomad Redhat

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:26 vuln.today

CVE Published

Feb 12, 2025 - 19:15 nvd

HIGH 7.1

DescriptionNVD

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

AnalysisAI

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. Affected products include: Hashicorp Nomad.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

Vendor StatusVendor

CVE-2025-0937 vulnerability details – vuln.today

Back