CVE-2025-1296 Information

Description

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-04-nomad-exposes-sensitive-workload-identity-and-client-secret-token-in-audit-logs/73737
