CVE-2025-1296

Published Mar 10, 2025

Last updated 25 days ago

CVSS medium 6.5

Overview

Description
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.
Source
security@hashicorp.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security@hashicorp.com
CWE-532

Social media

Hype score
Not currently trending

  1. 🟠 Nomad, Information Exposure, #CVE-2025-1296 (Moderate) https://t.co/Of4ycXeZQ1

    @dailycve

    10 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References