![i0.wp.comcezannehr.comwp-contentuploads201603cezanne-hr-logo.png]](https://knowledge-base.cezannehr.com/hs-fs/hubfs/social-suggested-images/i0.wp.comcezannehr.comwp-contentuploads201603cezanne-hr-logo.png?height=46&name=i0.wp.comcezannehr.comwp-contentuploads201603cezanne-hr-logo.png){kind=logo}
React2Shell Incident 08/12/2025
Cezanne HR has reviewed all systems and components within the Cezanne HR & Payroll service (Cezanne OnDemand) and Cezanne Recruitment platforms for exposure to the React2Shell (CVE-2025-55182) vulnerability that was publicly disclosed on 3rd December 2025.
We can confirm that the Cezanne HR & Payroll platform does not contain any React services or components and is therefore unaffected by the React2Shell vulnerability.
The Cezanne Recruitment platform does contain a small number of services based on React. One such service was dependant on a version of the Next.js React framework affected by React2Shell vulnerability. That service was immediately upgraded to the latest patched versions of Next.js and React and is therefore no longer exposed to the vulnerability.
No other Cezanne Recruitment platform components have been affected.
Next Steps
No further action is required. This vulnerability has been fully addressed across all Cezanne platforms.