Nx Identifies Critical Security Vulnerability in Build Cache Systems Affects Thousands of Organizations Worldwide
GILBERT, Ariz.--(BUSINESS WIRE)--Security researchers at Nx have disclosed a critical vulnerability affecting build systems with remote caching capabilities, potentially impacting thousands of organizations that rely on these systems for CI/CD pipeline performance. The vulnerability, designated CVE-2025-36852 and nicknamed "CREEP" (Cache Race-condition Exploit Enables Poisoning), carries a severity score of 9.4 and allows any developer with pull request access to inject malicious code into production artifacts.
Historical breaches like Target (2013), SolarWinds (2020), and Codecov (2021) demonstrate how compromised build processes can lead to devastating outcomes.
The Vulnerability
Remote caching in CI is widely adopted across the software industry to dramatically improve build performance to drastically reduce build times. However, the CREEP vulnerability exploits a fundamental flaw in how most organizations implement these systems, creating an unintended pathway for untrusted code to contaminate production deployments.
"Most organizations are unknowingly giving every PR author the power to poison production without leaving a trace," explains the Nx research team. "While companies invest millions in security infrastructure including firewalls, access controls, and code reviews, their remote cache can create a bypass to all of it."
Industry Impact
The vulnerability affects organizations using any build system with remote caching where untrusted environments can write to the same cache used by trusted environments.
"This isn't just a theoretical risk," according to Victor Savkin, CTO, Nx. "Historical breaches like Target (2013), SolarWinds (2020), and Codecov (2021) demonstrate how compromised build processes can lead to devastating outcomes."
The vulnerability is particularly concerning because it can be exploited by individuals with legitimate access. Further, the attacker can erase all traces of the exploit.
Immediate Recommendations
Security researchers recommend that all organizations using build systems with remote caching immediately:
Review CVE-2025-36852 details and technical analysis
Assess their current caching implementation against the three mitigation options
Determine acceptable risk tolerance based on security and compliance requirements
Implement appropriate safeguards based on their chosen option
Review access controls for all repositories and build systems
Expert Commentary
"The CREEP vulnerability highlights a critical blind spot in modern DevOps security," said Victor Savkin. "Organizations have focused heavily on securing the delivery pipeline while inadvertently creating vulnerabilities in the build process itself. It's like poisoning food while it's being cooked rather than during delivery."
The vulnerability underscores the need for security measures that address the entire software supply chain, not just the final deployment stages.
About the Research
The CREEP vulnerability was discovered by researchers at Nx through analysis of various build systems that support remote caching. The research team emphasizes that while remote caching remains critical for build performance, it must be implemented with the same security rigor applied to production access controls.
Detailed technical analysis and remediation guidance are available at https://nx.dev/blog/creep-vulnerability-build-cache-security.
Note to editors: CVE-2025-36852 has been assigned and published by the CVE Program.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNET
38 minutes ago
- CNET
Act Fast to Get the Incredible Beats Fit Pro Earbuds for Just $110
If you want some of the best workout earbuds that also happen to be some of the best noise-canceling earbuds and best earbuds overall, then you'd probably be expecting to pay a huge amount of money. It doesn't have to be like that though. Right now on Woot, you can get your hands on the incredible Beats Fit Pro while they're down to just $110, which is a $90 discount on the normal price. That's a genuinely great sale, and also the lowest price we've ever seen for them. These sleek true wireless earbuds feature a stemless design with flexible wing tips that keep them securely in place, even during your most rigorous workouts. Plus, they boast an IPX4 weather-resistance rating, so they're protected against sweat and splashing. Hey, did you know? CNET Deals texts are free, easy and save you money. Internally, they're equipped with Apple's H1 chip, which provides excellent noise-cancelling capabilities and spatial audio support. They also have a transparency mode for when you need to be more aware of your surroundings, and get up to 24 hours of playback time per charge. This is definitely one of the best earbuds deals you're going to see for a while. Why this deal matters Earning a spot on multiple lists of the best earbuds of 2025, the Beats Fit Pro are one of the absolute best pairs on the market right now. Which means that — even at full price — they're still a pretty good value. So they're an incredible bargain now that you can pick them up at a record-low price.
Yahoo
an hour ago
- Yahoo
Magnetic Confinement Fusion Leads the Charge in Global Fusion Energy Efforts
The global fusion energy market, driven by international collaborations and private ventures, is advancing rapidly with a focus on magnetic and inertial confinement approaches. Key projects like ITER and SPARC, alongside firms such as Commonwealth Fusion Systems and TAE Technologies, are pivotal in demonstrating net-energy gain. The market is in the late R&D phase, with commercial deployment expected by the early 2030s. Asia-Pacific is set to lead production, propelled by regional demand and government initiatives. Despite challenges like high costs, the market is booming due to the growing need for clean energy and advancements in plasma control. Major players include General Fusion, Helion, and TAE Technologies. Fusion Energy Market Dublin, June 27, 2025 (GLOBE NEWSWIRE) -- The "Fusion Energy Market - A Global and Regional Analysis: Focus on Application, Technology, Fuel Cycle, and Country Analysis - Analysis and Forecast, 2025-2034" report has been added to global fusion energy market is characterized by a dynamic ecosystem of large-scale international collaborations, government-backed research consortia, and a burgeoning cadre of private ventures, all converging on magnetic confinement (tokamaks and stellarators) and inertial confinement approaches. Projects such as ITER and SPARC exemplify multi-billion-dollar efforts to demonstrate net-energy gain, while companies like Commonwealth Fusion Systems, TAE Technologies, and General Fusion are deploying high-temperature superconducting magnets, advanced plasma heating, and proprietary target designs to accelerate prototype timelines. Concurrent advances in AI/ML-driven plasma control, novel refractory materials capable of withstanding extreme neutron fluxes, and modular reactor architectures underscore the sector's commitment to de-risking scale-up and achieving cost-effective, commercially viable fusion power. Fusion Energy Market Lifecycle StageFusion energy remains in the late R&D and early demonstration phase of its market lifecycle, with most technologies at technology-readiness levels (TRLs) 4-7, translating bench-scale breakthroughs into engineering prototypes. While governments and grid operators prepare regulatory frameworks and licensing pathways, commercial deployment is anticipated in the early 2030s as pilot plants validate continuous operation and tritium fuel cycles. This nascent phase is marked by intense capital deployment, strategic partnerships between utilities and technology providers, and an evolving value chain that spans superconducting magnet manufacturers, plasma diagnostics suppliers, and systems integrators - setting the stage for transition to first-of-a-kind commercial reactors. Fusion Energy Market Key Players and Competition SynopsisThe fusion energy market features a competitive landscape driven by a mix of multinational research consortia and ambitious private ventures. On the public side, the ITER collaboration - backed by the EU, United States, China, India, Japan, Korea and Russia - serves as the flagship tokamak project, while national laboratories such as the U.S. Department of Energy's Princeton Plasma Physics Laboratory and Europe's EUROfusion program advance stellarator and alternative confinement the private sector, Commonwealth Fusion Systems harnesses high-temperature superconducting magnets in compact tokamaks, TAE Technologies pursues beam-driven field-reversed configurations, General Fusion develops magnetized target fusion via piston-driven compression, and Tokamak Energy focuses on spherical tokamaks with rapidly deployable HTS is further intensified by strategic partnerships with academic institutions and industrial suppliers, differentiated technology roadmaps, and escalating venture capital and government funding, as each player races to demonstrate net-energy gain and establish a foothold in the emerging commercial fusion Energy Market Segmentation: Power Generation is one of the prominent application segments in the global fusion energy market. The global fusion energy market is estimated to be led by the magnetic confinement fusion segment in terms of type. In the fusion energy market, Asia-Pacific is anticipated to gain traction in terms of production, with increasing infrastructure demand and government initiatives. Demand Drivers and Limitations The following are the demand drivers for the global fusion energy market: AI/ML-Driven Plasma Control and Optimization Growing demand for clean and sustainable energy sources The global fusion energy market is expected to face some limitations as well due to the following challenges: High cost and technical complexity for fusion energy technology Regulatory and Public Acceptance Some prominent names established in the fusion energy market are: General Fusion Helion NearStar Fusion Zap Energy TAE Technologies Commonwealth Fusion Systems Avalanche Fusion Energy Solutions of Hawaii Longview Fusion Energy Systems Serva Energy LPP Fusion Thea Energy First Light Marvel Fusion Kyoto Fusioneering Key Attributes: Report Attribute Details No. of Pages 120 Forecast Period 2025 - 2034 Estimated Market Value (USD) in 2025 $291.42 Billion Forecasted Market Value (USD) by 2034 $445.2 Billion Compound Annual Growth Rate 4.8% Regions Covered Global Key Topics Covered: Executive SummaryScope and DefinitionMarket/Product DefinitionKey Questions AnsweredAnalysis and Forecast Note1. Markets: Industry Outlook1.1 Trends: Current and Future Impact Assessment1.2 Market Dynamics Overview1.2.1 Market Drivers1.2.2 Market Restraints1.2.3 Market Opportunities1.3 Regulatory & Policy Impact Analysis1.4 Patent Analysis1.5 Start-Up Landscape1.6 Investment Landscape and R&D Trends1.7 Future Outlook and Market Roadmap1.8 Value Chain Analysis1.9 Global Pricing Analysis1.10 Industry Attractiveness2. Fusion Energy Market (by Application)2.1 Application Segmentation2.2 Application Summary2.3 Fusion Energy Market (by Application)2.3.1 Power Generation2.3.2 Research and Development2.3.3 Space Propulsion2.3.4 Industrial Applications3. Fusion Energy Market (by Product)3.1 Product Segmentation3.2 Product Summary3.3 Fusion Energy Market (by Technology)3.3.1 Magnetic Confinement Fusion3.3.2 Inertial Confinement Fusion3.3.3 Stellarators3.3.4 Spheromaks3.4 Fusion Energy Market (by Fuel Cycle)3.4.1 Deuterium Tritium3.4.2 Deuterium3.4.3 Deuterium Helium 33.4.4 Proton Boron4. Fusion Energy Market (by Region)4.1 Fusion Energy Market (by Region)4.2 North America4.2.1 Regional Overview4.2.2 Driving Factors for Market Growth4.2.3 Factors Challenging the Market4.2.4 Application4.2.5 Product4.2.6 North America (by Country)4.2.6.1 U.S.4.2.6.1.1 Market by Application4.2.6.1.2 Market by Product4.2.6.2 Canada4.2.6.2.1 Market by Application4.2.6.2.2 Market by Product4.2.6.3 Mexico4.2.6.3.1 Market by Application4.2.6.3.2 Market by Product4.3 Europe4.4 Asia-Pacific4.5 Rest-of-the-World5. Markets - Competitive Benchmarking & Company Profiles5.1 Next Frontiers5.2 Geographic Assessment5.3 Company Profiles5.3.1 Overview5.3.2 Top Products/Product Portfolio5.3.3 Top Competitors5.3.4 Target Customers5.3.5 Key Personnel5.3.6 Analyst View5.3.7 Market Share6. Research MethodologyFor more information about this report visit About is the world's leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends. Attachment Fusion Energy Market CONTACT: CONTACT: Laura Wood,Senior Press Manager press@ For E.S.T Office Hours Call 1-917-300-0470 For U.S./ CAN Toll Free Call 1-800-526-8630 For GMT Office Hours Call +353-1-416-8900
Business Wire
3 hours ago
- Business Wire
Tineco Launches Prime Day Offers: Make This Summer Chore-Free
PARIS--(BUSINESS WIRE)--Summer is for unwinding, not for doing chores. Starting today, Tineco is offering exclusive discounts on its best-selling products to make cleaning faster, more efficient—and almost enjoyable. Stylish, smart, and high-performing, these vacuums and floor washers are designed to elevate your daily routine while helping you save money. Enjoy these offers from June 28 to July 11, 2025, exclusively on Tineco's Amazon Store, and unlock an additional 5% off with promo code TINPRIME25. (Original price: €699 – Prime Day: €429) Perfect for cleaning under low furniture, this floor washer stands out with its 180° Stretch Technology, ultra-slim head, and long-lasting battery. It vacuums and mops in one step, with optimal maneuverability for both wide-open spaces and tight corners. FLOOR ONE STRETCH S6 (Original price: €599 – Prime Day: €389) Compact and agile, this model combines Stretch technology with a lightweight design—ideal for everyday cleaning. It offers strong suction, ease of use, and daily space-saving convenience. PURE ONE S9 Artist (Original price: €899 – Prime Day: €699) Designed for precise, high-end cleaning, the PURE ONE S9 Artist blends powerful suction, smart dirt detection via iLoop™ sensor, and sleek design. A top choice for modern and demanding interiors. PURE ONE STATION 5 Plus (Original price: €459 – Prime Day: €359) This stick vacuum features a smart 3-in-1 station that charges, empties, and self-cleans the unit. A hygienic, hassle-free solution that's always ready to go. CARPET ONE Cruiser (Original price: €699 – Prime Day: €559) Specifically designed for carpet cleaning, this model offers powerful suction and ultra-fast drying thanks to PowerDry™ technology—perfect for deep cleaning without the wait. Offers available on Amazon until July 11, 2025 About Tineco Tineco was founded in 1998 with its first SKU as a vacuum cleaner and, in 2019, pioneered the first-ever smart vacuum. Today, the brand has innovated into a global leader offering intelligent appliances across home categories, including floor care, kitchen, and personal care. Tineco is dedicated to its brand vision of making life easier through smart technologies and consistently innovating new devices. For more information, please visit
