Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE‑2025‑55182 and CVE‑2025‑66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Through this Policy, Xactly hereby informs you of the purpose for which it collects, discloses, and uses personal data. Xactly will notify you in the event of any unintentional disclosure of your personal data to a third party, as required by applicable laws and regulations. You have the option to limit the use of any personal data through the means described herein.
