Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE‑2025‑55182 and CVE‑2025‑66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Xactly provides you with a choice to opt-out of disclosure of your personal data to a third party or the use of personal data for something other than it was originally collected. If you would like to opt-out, please contact privacy@xactlycorp.com or write to us at the address below.
Xactly collects information under the direction of its customers and has no direct relationship with the individuals whose personal data it processes. If you are an individual whose personal data was provided to Xactly by an Xactly customer (such customer, the “data controller”) and would no longer like to be contacted by the data controller that uses our Platforms, please contact the data controller that you interact with directly.
