Return to CVE list

CVE-2025-1296

6.5
Medium

CVE-2025-1296

security@hashicorp.com
Awaiting Analysis
View on MITREFind on GitHub

Description

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

security@hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2025-04-nomad-exposes-sensitive-workload-identity-and-client-secret-token-in-audit-logs/73737