Home / Security updates / Demandbase Statement on React Vulnerabilities (as of December 8, 2025)
Demandbase Statement on React Vulnerabilities (as of December 8, 2025)
Security updates detail rendered from /security-updates/upd_2d5950700f433d6d.
Overview
| ID | upd_2d5950700f433d6d |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Demandbase |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_2d5950700f433d6d |
| providerId | safebase |
| organizationId | org_02cde4bf66757cb7 |
| trustCenterId | tc_d607273b03427f9f |
| title | Demandbase Statement on React Vulnerabilities (as of December 8, 2025) |
| message | Demandbase is aware of the recently disclosed critical remote code execution (RCE) vulnerabilities affecting the React Server Components (RSC) “Flight” protocol (CVE-2025-55182) and certain frameworks, including Next.js (CVE-2025-66478). These vulnerabilities may allow unauthenticated attackers to execute arbitrary server-side JavaScript when vulnerable RSC payload handling is present. Following the disclosure, Demandbase conducted a comprehensive review of our environments and dependency stacks. This assessment identified a single component that referenced a vulnerable public image, which was immediately addressed and remediated. No other affected components or vulnerable package versions were identified in our production services. Based on the results of our investigation and the remediation performed, Demandbase is not currently impacted by these vulnerabilities. The vulnerable component was addressed before any exploitable conditions were present, and no Demandbase systems, infra |
| url | - |
| publishedAt | 2025-12-09 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_02cde4bf66757cb7",
"name": "Demandbase",
"domains": [
"trust.demandbase.com",
"demandbase.com"
]
} |
| trust_center | {
"id": "tc_d607273b03427f9f",
"name": "Demandbase",
"url": "https://trust.demandbase.com",
"host": "trust.demandbase.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_2d5950700f433d6d",
"company": "/v1/companies/org_02cde4bf66757cb7",
"trust_center": "/v1/trust-centers/tc_d607273b03427f9f",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_2d5950700f433d6dJSON