Vulnerability in Niklas Portmann Azure Based Remote Cache Plugin For Nx
CVE-2025-36852
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor w…
EPSS: 0.002 (9.1th percentile) — read the EPSS interpretation.
Affected products
- Niklas Portmann Azure Based Remote Cache Plugin For Nx — versions 0
- Niklas Portmann Minio Based Remote Cache Plugin For Nx — versions 0
- Niklas Portmann Nx Remote Cache Utilities — versions 0
- Nx Aws S3 Remote Cache Plugin For — versions 0
- Nx Azure Blob Remote Cache Plugin For — versions 0
- Nx Gcs Remote Cache Plugin For — versions 0
- Nx Shared File System Cache Plugin For — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2025-36852?
- CVE-2025-36852 is a vulnerability in Niklas Portmann Azure Based Remote Cache Plugin For Nx, classified under Inclusion of Functionality from Untrusted Control Sphere. Published 2025-06-10.
- Is CVE-2025-36852 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.