Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE‑2025‑55182 and CVE‑2025‑66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Xactly shall use information collected for its relevant and intended purpose only. If there is any change of use of the personal data collected, Xactly shall inform you and gain your approval before making such changes to the use of the personal data collected. Further, Xactly shall take reasonable steps to ensure that the personal data collected is accurate and reliable for its intended use.
