Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE-2025-55182 and CVE-2025-66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Regardless of the country of origin or residence, Xactly may process your personal data in the U.S. Xactly collects and transfers personal data to the U.S. only:
with your consent;
to perform a contract with you or to provide a service to you;
for purposes of communicating with you; or
to fulfill a compelling legitimate interest of Xactly in a manner that does not outweigh your rights and freedoms.
Xactly takes care to apply suitable safeguards to protect the privacy and security of your personal data. We only use your personal data consistent with your relationship with Xactly and the practices described in this Policy. Xactly also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.