Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE‑2025‑55182 and CVE‑2025‑66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Xactly is headquartered in Los Gatos, California, in the United States. Xactly has appointed an internal data protection officer for you to contact if you have any questions or concerns about Xactly’s personal data policies or practices. Xactly’s data protection officer’s name and contact information are as follows:
