Vulnerability in Niklas Portmann Azure Based Remote Cache Plugin For Nx

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor w…

EPSS: 0.002 (9.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-36852?
CVE-2025-36852 is a vulnerability in Niklas Portmann Azure Based Remote Cache Plugin For Nx, classified under Inclusion of Functionality from Untrusted Control Sphere. Published 2025-06-10.
Is CVE-2025-36852 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.