CVE-2025-4922 Information

Description

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability identified as CVE-2025-4922 is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2 1.9.10 and 1.8.14.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-12-nomad-vulnerable-to-incorrect-acl-policy-lookup-attached-to-a-job/75396