Nx Identifies Critical Security Vulnerability in Build Cache Systems Affects Thousands of Organizations Worldwide
Security researchers at Nx have disclosed a critical vulnerability affecting build systems with remote caching capabilities, potentially impacting thousands of organizations that rely on these systems for CI/CD pipeline performance. The vulnerability, designated CVE-2025-36852 and nicknamed "CREEP" (Cache Race-condition Exploit Enables Poisoning), carries a severity score of 9.4 and allows any developer with pull request access to inject malicious code into production artifacts.
