CRE-2025-0046

NATS Permissions Violation Detected
Severity: Medium
Impact: 4/10
Mitigation: 4/10

Description

The NATS server has emitted a **Permission Violation** log entry, meaning a client attempted to publish or subscribe to a subject for which it lacks permission.

Mitigation

- **Verify credentials** – confirm the `.creds`, NKey, or JWT files in the client deployment are correct.
- **Check permissions** – in the server configuration (`authorization {}`) or the account JWT, ensure the user/account is allowed to perform the attempted PUB/SUB operation.
- **Rotate or re-issue keys/JWTs** if credentials are compromised or expired, and update all clients.
- **Audit repeated failures** – turn on verbose server logs temporarily and review for malicious activity or configuration drift.
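As an added example (not part of the CRE rule or the NATS project), this Python script supports the permission check and audit steps: it tallies violation lines per user and subject, then compares each against the permissions that user is intended to have, so denials the intended policy would allow stand out as drift. The log line shape, the `INTENDED` structure, the simplified allow/deny model and all sample values are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape, modelled on nats-server error logs; adjust for your version.
VIOLATION = re.compile(
    r'(?P<op>Publish|Subscription) Violation - \w+ "(?P<who>[^"]*)", '
    r'Subject "(?P<subject>[^"]+)"')

def subject_matches(pattern, subject):
    """NATS wildcards: '*' is exactly one token, '>' is one or more trailing tokens."""
    p, s = pattern.split("."), subject.split(".")
    for i, tok in enumerate(p):
        if tok == ">":
            return i == len(p) - 1 and len(s) > i
        if i >= len(s) or tok not in ("*", s[i]):
            return False
    return len(p) == len(s)

def is_allowed(perms, op, subject):
    """Simplified model for literal subjects: deny wins, no allow list means allow all."""
    rule = perms.get(op, {})
    if any(subject_matches(d, subject) for d in rule.get("deny", [])):
        return False
    allow = rule.get("allow")
    return allow is None or any(subject_matches(a, subject) for a in allow)

def triage(lines, intended, threshold=3):
    """Tally violations per (user, op, subject) and compare with the intended policy."""
    counts = Counter()
    for line in lines:
        m = VIOLATION.search(line)
        if m:
            op = "publish" if m["op"] == "Publish" else "subscribe"
            counts[(m["who"], op, m["subject"])] += 1
    report = []
    for (who, op, subject), n in sorted(counts.items()):
        # Users absent from the intended policy are treated as denied.
        if who in intended and is_allowed(intended[who], op, subject):
            status = "config-drift"  # intended policy permits it, running server denied it
        else:
            status = "repeated-denied" if n >= threshold else "denied"
        report.append((who, op, subject, n, status))
    return report

# Constructed sample input (not real logs) and a hypothetical intended policy.
_P = '[1] 2025/01/10 09:14:02.118 [ERR] 10.0.3.17:51844 - cid:42 - '
SAMPLE_LOG = ([_P + 'Publish Violation - User "billing", Subject "orders.created"']
              + [_P + 'Subscription Violation - User "web", Subject "admin.audit.login"'] * 4)
INTENDED = {"billing": {"publish": {"allow": ["orders.*"]}},
            "web": {"subscribe": {"allow": ["events.>"], "deny": ["events.internal.>"]}}}
```

A `config-drift` row points at the running server configuration or account JWT; a `repeated-denied` row points at the client's credentials or at activity worth investigating.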

References