Security Announcement on CVE-2025-55182/66478

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 16 December 2025, 11:00 AM CET

Regarding the recently published critical security vulnerabilities CVE-2025-55182 and CVE-2025-66478, known as React2Shell (Remote Code Execution via insecure deserialization in React Server Components), we hereby want to inform you that enaio® is not affected by these vulnerabilities, as the specific, vulnerable technologies and frameworks that form the basis of this security gap are not used in our products.

The critical vulnerabilities CVE-2025-55182 and CVE-2025-66478 affect applications that utilize the React Server Components (RSC) Flight protocol, which is standard in newer versions of React and Next.js.

Since enaio® is built on a different technological basis and does not use the affected components, there is no risk for our customers from React2Shell.

If you have any questions or need assistance, please contact the support team of OPTIMAL SYSTEMS as usual.

Further official information on CVE-2025-55182 and CVE-2025-66478 can be found at the National Institute of Standards and Technology.

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: