Summary;
ISPnext confirms that their products are not affected by the React Server Components vulnerability (CVE-2025-55182) since they use React 18.x and do not implement Server Components.
No security updates are needed, and they will monitor the situation and inform customers of any new risks.
ISPnext is aware of the recently disclosed vulnerability in React Server Components (CVE-2025-55182), also known as “React2Shell”. This vulnerability affects only systems using React 19 in combination with Server Components.
Our software solutions do not use React Server Components and furthermore run on React 18.x.
As a result, the relevant functionality is completely absent within our environment and products.
ISPnext products are therefore not susceptible to this vulnerability.
No additional security measures or updates are required on the part of our customers.
We continue to closely monitor developments regarding this notification.
Should new relevant insights or risks arise, we will communicate these.
For questions or further clarification, you can contact our support department.