Xactly has investigated the recently published vulnerabilities regarding React and Next.js, 'React2Shell' (CVE‑2025‑55182 and CVE‑2025‑66478).
Following an internal audit of our technology stack, we have verified that Xactly services remain unaffected, as our production environment does not rely on the vulnerable components or configurations identified.
We remain committed to the highest standards of security and data integrity. If you require further information, please reach out to your Xactly representative.
Xactly takes substantial precautions to protect data and information under its control from misuse, loss, or alteration. We utilize some of the most advanced technology available today for internet security and are constantly taking measures to adjust to the changing security landscape. As such, Xactly maintains layered, defense-in-depth security measures, including hosting our solution in a Tier IV (the highest recognized level) datacenter, to allow only authorized personnel access to your information. When you provide us with certain information (such as your login credentials), we transmit your personal data in an encrypted state.
Unfortunately, no system can ensure complete security, and Xactly disclaims any liability resulting from use of the Site. If you have any questions regarding security on our Site, you can contact us at privacy@xactlycorp.com.
