Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
AnalysisAI
CVE-2025-4922 is a security vulnerability (CVSS 8.1). High severity vulnerability requiring prompt remediation.
Technical ContextAI
Vulnerability type not specified by vendor. CVSS 8.1 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL autho
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privi
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates use
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. Rated critical severity (CVSS 9.8)
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using eithe
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using worklo
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenti
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to p
Host namespace escape in HashiCorp Nomad and Nomad Enterprise lets an authenticated job submitter bypass the allow_privi
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume cr
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file wri
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18112
GHSA-rx97-6c62-55mf