CVE-2025-3744 Information

Description

Nomad Enterprise (“Nomad”) jobs using the policy override option bypass mandatory Sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-08-nomad-enterprise-vulnerable-to-violation-of-mandatory-sentinel-policies-in-job-submissions-via-policy-override/74935
