A critical security vulnerability has been discovered in HashiCorp Nomad’s Access Control List (ACL) system that allows attackers to escalate privileges through a flawed prefix-based policy lookup mechanism.
The vulnerability, tracked as CVE-2025-4922 in security bulletin HCSEC-2025-12, affects both Nomad Community and Enterprise editions across multiple versions and could enable unauthorized access to privileged operations without proper policy configuration.
The flaw resides in Nomad’s ACL policy lookup mechanism, which performs prefix-based searches when retrieving the policies associated with a specific job.
This architectural weakness affects Nomad Community Edition versions 1.4.0 through 1.10.1, while Nomad Enterprise has broader exposure: versions 1.4.0 through 1.10.1, plus versions 1.9.9 and 1.8.13.
The vulnerability was internally discovered by HashiCorp’s engineering teams during routine security assessments, highlighting the importance of proactive security reviews in enterprise software development.
Nomad’s ACL system operates on a capability-based model where tokens are associated with policies that define granular access controls and operational permissions.
These policies determine which actions users and services can perform within the Nomad cluster environment.
The affected lookup mechanism was designed to efficiently retrieve relevant policies but inadvertently introduced a critical security gap that could be exploited by malicious actors with basic cluster access.
HashiCorp Nomad Vulnerability
The core vulnerability stems from how Nomad processes ACL policy queries for jobs, where the system performs prefix-based index lookups that can result in incorrect policy inheritance.
An attacker with legitimate access to create jobs can exploit this mechanism by crafting job names that share prefixes with existing privileged jobs.
For example, creating a job named “test-job-2” could inherit the same ACL policies as an existing “test-job”, effectively bypassing intended access restrictions.
This prefix matching behavior creates a policy shadowing scenario where newly created jobs automatically inherit permissions they should not possess.
The vulnerability enables privilege escalation attacks where low-privileged users can gain unauthorized access to sensitive operations, potentially compromising cluster security and data integrity.
The exploitation requires minimal technical sophistication, as attackers only need to understand the naming patterns of existing jobs and possess basic job creation permissions within the Nomad environment.
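To make the policy-shadowing behaviour concrete, here is an added Go example (not Nomad’s code, and not from HashiCorp’s bulletin) that models the flawed prefix rule beside the corrected exact-match rule, plus a small audit helper of the kind the naming review in the remediation section calls for. The `Policy` type, the `policies` list and the job names are constructed for the illustration; Nomad is written in Go, hence the language choice.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy binds capabilities to one job in a namespace. This is a simplified
// model of a job-scoped ACL policy, not Nomad's own types or state-store code.
type Policy struct{ Name, Namespace, JobID string }

// Constructed sample: "deploy-prod" is bound to the existing job "test-job".
var policies = []Policy{{Name: "deploy-prod", Namespace: "default", JobID: "test-job"}}

// PoliciesByJob lists the policies that apply to a job. exactMatch=false models
// the flawed lookup described above, where a policy bound to "test-job" also
// applies to any job whose ID merely starts with "test-job"; exactMatch=true is
// the corrected rule, under which the bound job ID must match exactly.
func PoliciesByJob(ns, jobID string, exactMatch bool) []string {
	var names []string
	for _, p := range policies {
		if p.Namespace != ns {
			continue
		}
		if p.JobID == jobID || (!exactMatch && strings.HasPrefix(jobID, p.JobID)) {
			names = append(names, p.Name)
		}
	}
	return names
}

// ShadowingJobs audits a namespace awaiting the patch: for every policy-bound job, it lists the other jobs whose IDs extend its name.
func ShadowingJobs(ns string, jobIDs []string) map[string][]string {
	out := map[string][]string{}
	for _, p := range policies {
		for _, id := range jobIDs {
			if p.Namespace == ns && id != p.JobID && strings.HasPrefix(id, p.JobID) {
				out[p.JobID] = append(out[p.JobID], id)
			}
		}
	}
	return out
}

func main() {
	fmt.Println(PoliciesByJob("default", "test-job-2", false)) // [deploy-prod]
	fmt.Println(PoliciesByJob("default", "test-job-2", true))  // []
	fmt.Println(ShadowingJobs("default", []string{"test-job", "test-job-2", "web"}))
}
```

Running `ShadowingJobs` over the job IDs from `nomad job list` gives a quick inventory of which existing jobs could be shadowed under the flawed rule; an empty map means no job name extends a policy-bound one.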
Remediation Strategy
HashiCorp has addressed this vulnerability through coordinated releases across multiple Nomad versions to ensure comprehensive coverage for all affected deployments.
Organizations running Nomad Community Edition should immediately upgrade to version 1.10.2, which contains the complete fix for the ACL lookup mechanism.
Enterprise customers have multiple remediation paths available, including upgrades to versions 1.10.2, 1.9.10, or 1.8.14, depending on their current deployment branch.
The fix replaces the prefix-based policy lookup with a lookup that does not match on prefixes, without affecting system performance or functionality.
Organizations should conduct thorough risk assessments to evaluate their exposure level, particularly focusing on environments where multiple teams or users have job creation privileges.
Additionally, administrators should review existing job naming conventions and ACL policy configurations to identify potential exposure vectors that may have been inadvertently created prior to patching.
Implementation of security monitoring tools to detect unusual job creation patterns and policy inheritance behaviors can provide additional protection layers while organizations transition to patched versions.