Cyber Resilience

CVE-2025-0937

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 December 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0018 39.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0937 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Hashicorp Nomad. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0937 affects Nomad Community and Nomad Enterprise, where an event stream configured with a wildcard namespace can bypass ACL policies, enabling reads on other namespaces. This vulnerability, published on 2025-02-12T19:15:09.687, carries a CVSS score of 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) and is classified under CWE-863 (Incorrect Authorization).

An attacker requires low privileges (PR:L) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high confidentiality impact (C:H) by allowing unauthorized reads of data in other namespaces, alongside low integrity impact (I:L) and no availability impact (A:N), without changing the scope (S:U).

The HashiCorp security advisory provides details on this issue at https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191.

EU & UK References

Vulnerability details

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

ACL bypass in Nomad event stream directly enables unauthorized cross-namespace data access, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28951Shared CWE-863
CVE-2026-42432Shared CWE-863
CVE-2024-40771Shared CWE-863
CVE-2026-34972Shared CWE-863
CVE-2025-0360Shared CWE-863
CVE-2026-4639Shared CWE-863
CVE-2026-42429Shared CWE-863
CVE-2026-41404Shared CWE-863
CVE-2020-36969Shared CWE-863
CVE-2026-24428Shared CWE-863

Affected Assets

hashicorp
nomad
1.0.0 — 1.7.18 · 1.0.0 — 1.9.6 · 1.8.0 — 1.8.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations in accordance with access control policies, directly preventing the ACL policy bypass via wildcard namespaces in Nomad event streams.

prevent

Requires identification, reporting, and correction of system flaws like the incorrect authorization in Nomad event streams allowing unauthorized namespace reads.

prevent

Applies least privilege to restrict low-privileged users from accessing data in other namespaces despite the authorization bypass.

References