Security Bulletin S25-05

Platform
Products
- Products
- Advanced Capabilities
- Integrations
Products

Identity Governance & Administration

Identity Security & Posture Management

Application Identity Security

Privileged Access Management

External Identity Management
Advanced Capabilities

Intelligent Recommendations

Just-in-Time Access

Non-Human Identity

Saviynt MCP Server

Agentic AI Identity
Integrations

Saviynt for AWS

Saviynt for SAP

Saviynt for ServiceNow

Saviynt for Crowdstrike

See more Integrations >
The Saviynt Identity Platform

Our AI-based platform enables you to deliver end-to-end identity security.

Explore
Solutions
- By Role
- By Use Case
- By Industry
By Role

CISO

CIO

IAM Director

Compliance & Risk Officer

DevOps

IT Auditor
By Use Case

Modernizing Legacy IGA

Zero Trust Identity

M&A and Divestitures

ERP Modernization

Cross-Application SoD
By Industry

Energy

Federal

Healthcare

Higher Education

Financial Services

Manufacturing

Retail

Insurance
Customers
- Customer
  - Customer Stories
Customer

Customer Stories
Why Customers Love Us

Trusted by global companies to secure over 100M+ identities

Learn Why
Company
- About Saviynt
About Saviynt

About Us

Leadership Team

Newsroom

Careers
Resources
- Resources
- Learning & Support
- Partners
Resources

Content Hub

Events & Webinars

Blog

Press Releases
Learning & Support

Customer Support

Knowledge Exchange

Saviynt University

Contact Us
Partners

Find a Partner

Become a Partner

Partner Portal
Get a Demo
Contact Us

Security Advisory – React2Shell Awareness

This is in reference to the recently disclosed vulnerability CVE-2025-66478, identified as a duplicate of CVE-2025-55182. The issue affects React Server Components and related frameworks, specifically Next.js, and has been classified as a potential Remote Code Execution (RCE). The React team published the details of this vulnerability on December 03, 2025 on an official blog post.

We have thoroughly investigated and analyzed this matter. We can confirm that the Saviynt EIC product platform does not utilize the related vulnerable components associated with this exploit. Saviynt is not exposed to the associated risks, and your service remains secure.

Contact Information

Any questions may be directed to security@saviynt.com

The Saviynt Identity Platform

Why Customers Love Us

Products

Advanced Capabilities

Integrations

The Saviynt Identity Platform

The Saviynt Identity Platform

Why Customers Love Us

By Role

By Use Case

By Industry

The Saviynt Identity Platform

Why Customers Love Us

Customer

Why Customers Love Us

The Saviynt Identity Platform

Why Customers Love Us

About Saviynt

The Saviynt Identity Platform

Why Customers Love Us

Resources

Learning & Support

Partners

Published Date: December 10, 2025

Security Bulletin S25-05

Security Advisory – React2Shell Awareness

Contact Information