CVE-2025-0937 Information

Description

Nomad Community and Nomad Enterprise (\Nomad) event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191