The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three software vulnerabilities — affecting Daemon Tools, TanStack, and Nx Console — to its Known Exploited Vulnerabilities (KEV) catalog, confirming that threat actors are actively exploiting these flaws in the wild.

As reported by Security Affairs on 28 May, the three flaws have each been assigned CVE identifiers and listed alongside the relevant vendor advisories on CISA's KEV portal. The addition signals a heightened risk for organisations and individuals running the affected software.

What the KEV Listing Means

Inclusion in CISA's KEV catalog is not a routine advisory. Under Binding Operational Directive (BOD) 22-01, U.S. federal civilian executive branch agencies are required to remediate listed vulnerabilities by the due date attached to each entry. More broadly, the catalog serves as a global threat intelligence reference: a vulnerability is listed only when it has a CVE identifier, CISA has reliable evidence that it is being actively exploited, and a clear remediation action (a patch, a mitigation, or an instruction to discontinue use) exists.

For IT security teams worldwide, the KEV catalog functions as a prioritisation tool. Any vulnerability appearing on the list has moved beyond theoretical risk into active weaponisation.

The Affected Software and Why It Matters

Each of the three products carries distinct risk implications:

  • Daemon Tools is a long-established Windows disc-imaging utility with a large installed base among consumers and enterprise users. A vulnerability in a widely deployed desktop application of this kind gives an attacker who already has a user-level foothold on the endpoint a route to local privilege escalation or further code execution.

  • TanStack is a family of open-source libraries, including the popular TanStack Query and TanStack Table, used extensively in modern JavaScript and TypeScript web applications. These packages are runtime dependencies bundled into the applications that use them, so a flaw is not confined to developer machines: a vulnerable or tampered version propagates through the npm dependency graph, often as a transitive dependency, to every downstream application that pulls it in.

  • Nx Console is an editor extension, most widely used in Visual Studio Code, that integrates with the Nx build system, widely adopted in enterprise-scale monorepo workflows. As with TanStack, a vulnerability here threatens the software development pipeline itself, potentially allowing attackers to tamper with builds or exfiltrate source code from developer environments; because developer workstations routinely hold cloud, registry and repository credentials, the impact rarely stops at one machine.

The inclusion of two developer-focused tools underscores a continuing trend: attackers are increasingly targeting the software supply chain and development infrastructure rather than relying solely on traditional network perimeter exploits.

Actionable Guidance

Organisations should take the following steps immediately:

  1. Identify exposure. Audit endpoints and development environments for instances of Daemon Tools (software inventory or EDR data on Windows hosts), TanStack libraries (package manifests and lockfiles, including transitive copies nested under other packages), and the Nx Console extension (installed-extension listings on developer workstations and on any build agents that run an editor).

  2. Apply patches. Consult the vendors' respective security advisories for the most current fixes. The KEV catalog entries on CISA's website link directly to remediation guidance and deadlines.

  3. Monitor for indicators of compromise. Given that exploitation is confirmed as active, security operations teams should review logs and endpoint telemetry for signs of compromise related to these products: unexpected child processes or privilege changes originating from the Daemon Tools binaries, and unusual process trees or outbound connections from editor, Node.js and build-agent processes on developer machines. Treat any credentials held on an affected developer workstation as candidates for rotation.

  4. Update dependency management. For the TanStack and Nx Console vulnerabilities in particular, development teams should verify that their lockfiles and CI/CD pipelines reference patched versions of affected packages, then rebuild and redeploy, since a fixed lockfile protects nothing until the artifacts built from the old one are replaced.
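Steps 1 and 4 above, as an added example that is not part of the article and not code from CISA or any of the three vendors: a Node.js script that audits an npm lockfile and a `code --list-extensions --show-versions` listing against a watchlist of minimum fixed versions. The package name, extension id and fixed versions in the watchlist are placeholders (assumptions), to be replaced with the values given in the vendor advisories linked from the KEV entries; the sample lockfile and extension listing are constructed inline so the script runs offline. It goes slightly beyond the text by also catching copies nested under other packages and by handling lockfile v1 as well as v2/v3.

```javascript
// Added example, not code from the article, CISA or any vendor. Audits an npm
// lockfile (v1, v2 or v3 layout) and a `code --list-extensions --show-versions`
// listing for components still below a fixed version. Every name and version
// in WATCHLIST is a placeholder assumption; take the real ones from the vendor
// advisories linked from the KEV entries.

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when `installed` is strictly older than `fixed`. A prerelease of the
// fixed version (e.g. 1.2.3-rc.1) is treated as still vulnerable.
function isBelow(installed, fixed) {
  const a = parseSemver(installed), b = parseSemver(fixed);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Flatten a lockfile into [{ path, name, version }], including nested copies
// (node_modules/a/node_modules/b) that a glance at the top level would miss.
function lockfileEntries(lock) {
  const out = [];
  if (lock.packages) {                        // lockfileVersion 2 or 3
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || !meta.version) continue;   // "" is the root project
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      out.push({ path, name, version: meta.version });
    }
  } else if (lock.dependencies) {             // lockfileVersion 1: nested tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        out.push({ path, name, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return out;
}

// Every installed copy of a watched package that is below its fixed version.
function findVulnerableLockfileEntries(lock, watchlist) {
  return lockfileEntries(lock)
    .filter((e) => e.name in watchlist && isBelow(e.version, watchlist[e.name]))
    .map((e) => ({ ...e, fixedIn: watchlist[e.name] }));
}

// Parse "publisher.extension@1.2.3" lines from `code --list-extensions --show-versions`.
function findVulnerableExtensions(listing, watchlist) {
  const hits = [];
  for (const line of listing.split(/\r?\n/)) {
    const at = line.lastIndexOf("@");
    if (at <= 0) continue;                    // blank line or no version
    const id = line.slice(0, at), version = line.slice(at + 1);
    if (id in watchlist && isBelow(version, watchlist[id])) {
      hits.push({ id, version, fixedIn: watchlist[id] });
    }
  }
  return hits;
}

// ---- constructed sample input: placeholder names and versions, not advisory data ----
const WATCHLIST = {
  "@tanstack/query-core": "9.9.9",   // placeholder package@fixed version
  "publisher.nx-console": "9.9.9",   // placeholder extension id@fixed version
};
const SAMPLE_LOCK = {                 // lockfileVersion 3 shape, trimmed
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "5.0.0" },
    "node_modules/@tanstack/query-core": { version: "9.9.9" },                       // patched
    "node_modules/some-widget": { version: "2.1.0" },
    "node_modules/some-widget/node_modules/@tanstack/query-core": { version: "9.8.0" }, // nested, still old
  },
};
const SAMPLE_EXTENSIONS = "ms-python.python@2024.2.1\npublisher.nx-console@9.9.9-rc.1\n";

console.log(JSON.stringify(findVulnerableLockfileEntries(SAMPLE_LOCK, WATCHLIST), null, 2));
console.log(JSON.stringify(findVulnerableExtensions(SAMPLE_EXTENSIONS, WATCHLIST), null, 2));
```

In practice, feed `lockfileEntries` the parsed `package-lock.json` of each repository and `findVulnerableExtensions` the captured output of `code --list-extensions --show-versions` from each developer workstation; the nested copy in the sample is the case that bites, because the top-level entry already shows the fixed version. The Daemon Tools check is an endpoint-inventory question (installed-programs data from your EDR or software inventory), not a lockfile one.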

CISA's move serves as a reminder that even developer tools and niche utilities are within scope for real-world attacks. Security teams should treat this update as a call to action, not merely a bulletin to file away.



Original News Source