Token Exposure Vulnerability in Nomad Community and Enterprise by HashiCorp
CVE-2025-1296
Summary
Nomad Community and Nomad Enterprise by HashiCorp have a vulnerability that may expose sensitive workload identity tokens and client secret tokens in audit logs. This can lead to unauthorized access if exploited, allowing attackers to gain insights into the workloads and services running within the Nomad environment. HashiCorp has addressed this issue in the latest releases, specifically in Nomad Community Edition 1.9.7 and Nomad Enterprise versions 1.9.7, 1.8.11, and 1.7.19.
Affected Version(s)
Nomad (64 bit): 1.0.0 to < 1.9.7
Nomad Enterprise (64 bit): 1.0.0 to < 1.9.7
Timeline
- First article discovered by Vulmon
- Vulnerability published
- Vulnerability Reserved