Demandbase is the leading account-based GTM platform for B2B enterprise sales and marketing teams, designed to make every moment and every dollar count. That's because when the stakes are high, aligning revenue teams to act with precision and confidence is the difference between crushing the quarter or falling short. Since creating the category in 2013, Demandbase continues to revolutionize the way B2B companies go to market with AI-powered insights and industry-leading impact.
Demandbase Statement on React Vulnerabilities (as of December 8, 2025)
Demandbase is aware of the recently disclosed critical remote code execution (RCE) vulnerabilities affecting the React Server Components (RSC) “Flight” protocol (CVE-2025-55182) and certain frameworks, including Next.js (CVE-2025-66478). These vulnerabilities may allow unauthenticated attackers to execute arbitrary server-side JavaScript when vulnerable RSC payload handling is present.
Following the disclosure, Demandbase conducted a comprehensive review of our environments and dependency stacks. This assessment identified a single component that referenced a vulnerable public image, which was immediately addressed and remediated. No other affected components or vulnerable package versions were identified in our production services.
Based on the results of our investigation and the remediation performed, Demandbase is not currently impacted by these vulnerabilities. The vulnerable component was addressed before any exploitable conditions were present, and no Demandbase systems, infrastructure, or customer data were exposed.
We will continue to monitor developments related to these vulnerabilities, maintain close engagement with our engineering and security teams, and update this page if new information emerges.
For additional details, please refer to the NIST advisories:
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
Demandbase Statement on Salesforce Integration Incident (as of September 3rd, 2025)
Demandbase has reviewed the broader reports regarding the Salesloft and Drift incident. After a thorough review of our systems and integrations in light of this new information, we can confirm the following:
- No OAuth Connection: Demandbase's integration with Drift does not use OAuth or maintain a connected Salesforce integration through Salesloft or Drift.
- Due Diligence: Our security and engineering teams conducted audits of our infrastructure using multiple security technologies and monitoring systems. These audits have not identified any impact to Demandbase systems, customer data, or our Salesforce environment.
We will continue to closely monitor developments and will provide further updates if necessary.
Demandbase Statement on SharePoint Exploit Activity (as of July 21, 2025)
Demandbase is aware of a critical zero-day vulnerability affecting Microsoft SharePoint Server, which is reportedly being exploited in a widespread campaign. Demandbase initiated an internal investigation to determine if any Microsoft SharePoint Server instances are currently deployed in our environment.
Using Demandbase's infrastructure discovery and configuration management tools, along with asset inventories and audit reports, the Demandbase Security team has confirmed that no Microsoft SharePoint Server instances are present in our environment. Based on this assessment, we have found no evidence of exposure to this vulnerability.
We will continue to monitor this situation closely and will reassess our environment should new indicators of compromise or attack vectors emerge. If any updates become necessary, we will communicate them promptly. For more information, please refer to the advisories posted by NIST: CVE-2025-53771
Zero Day Vulnerability
On August 9th, 2024, Demandbase received intelligence regarding a zero-day vulnerability affecting certain browsers, including Chrome, Firefox, and Safari. This vulnerability allows external websites to communicate with, and potentially exploit, software running locally on macOS and Linux systems.
Upon learning of this issue, Demandbase conducted an internal investigation and found no affected endpoints. Demandbase uses an unaffected version of Chrome, along with recommended advisory controls.
We will continue to closely monitor developments related to this vulnerability, and will provide updates if necessary.
DigiCert Revocation Incident - Update
On July 31st, 2024, Demandbase became aware of a new software supply chain security concern involving DigiCert SSL/TLS certificates. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.
Demandbase has multiple security technologies that permit us to audit our infrastructure. Using these technologies and reports, our team searched and did not find any evidence of DigiCert certificates in our environment. We continue to monitor this situation and will provide further updates if necessary.


