Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3744

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.

Published

2025-05-13T19:15:50.820

Last Modified

2025-05-15T16:45:32.517

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-266
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	nomad	< 1.8.13	Yes
Application	hashicorp	nomad	< 1.9.9	Yes
Application	hashicorp	nomad	1.10.0	Yes
Application	hashicorp	nomad	1.10.0	Yes
Application	hashicorp	nomad	1.10.0	Yes

References

https://discuss.hashicorp.com/t/hcsec-2025-08-nomad-enterprise-vulnerable-to-violation-of-mandatory-sentinel-policies-in-job-submissions-via-policy-override/74935 Vendor Advisory ([email protected])