Trust Center


Welcome to Orca Security's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Documents

Featured Documents

Reports: Network Diagram
Trust Center Updates

Orca Unaffected by React2Shell - React Server RCE Vulnerability

Vulnerabilities

We are aware of the recently disclosed vulnerability CVE-2025-55182 — widely known as “React2Shell” — which affects certain versions of React Server Components (RSC) and frameworks built on top of it (e.g. Next.js).

After a full review of our development and production environments, our dependency inventory, and build pipelines, we confirm that none of our services or infrastructure rely on the vulnerable React/Next.js versions or affected packages. As a result, there are no indicators of vulnerability, exploitation, or exposure related to CVE-2025-55182 in our environment.

We maintain continuous monitoring of public disclosures, open-source dependencies, and supply-chain risks. We also enforce strict software-dependency and version management policies. As the situation evolves, we remain ready to respond, and will update this page should our assessment change.

For further questions or concerns, please reach out to security@orca.security.

Orca Unaffected by Gainsight Third-Party Breach

Vulnerabilities

We are aware of the recently reported Gainsight security incident that may have exposed data through compromised Salesforce integrations. Our Security and Engineering teams promptly assessed our environment and confirm that Orca Security is not impacted.

Orca does not use Gainsight or any affected integrations in our systems. Our review found no exposure or unauthorized access related to this incident, and we will continue to maintain strict vendor-risk oversight and active monitoring across our ecosystem.

We will keep tracking developments in this case and provide further updates if anything changes. For any questions, please contact security@orca.security.

Orca Unaffected by Shai Hulud Worm Campaign

Incidents

We’re aware of the renewed Shai-Hulud npm supply chain attacks impacting open-source ecosystems. After a full review, we confirm that Orca Security is not affected — none of our systems or dependencies use the compromised packages. Our teams continue to actively monitor for related threats to ensure ongoing protection for our customers.

We are aware of the recently disclosed Shai Hulud supply chain malware campaign targeting software vendors and their customers. After a thorough review by our Security and Engineering teams, we can confirm that Orca Security is not impacted.

  • No Exposure: Orca Security does not use the affected components or software packages identified in this campaign.
  • Continuous Monitoring: Our threat intelligence and security monitoring controls actively track developments in supply chain and third-party risks.
  • Customer Safety: No action is required from our customers in response to this event.

We will continue to monitor the situation closely and provide updates if new, relevant information emerges.
If you have further questions, please contact us at security@orca.security.

Orca Security Unaffected by Salesdrift Incident

Incidents

We can confirm that Orca Security is not directly affected by this incident. Although Orca is engaged with Salesloft, we do not use the Salesdrift service; however, some of our vendors do. Orca is currently investigating whether any of our subprocessors have been affected. As a precautionary measure, we will perform necessary actions (such as key rotations, integrations review, etc.) to mitigate any potential risks we uncover.

Protecting our customers' data is a fundamental responsibility that we take very seriously. We appreciate your trust and want to assure you of our ongoing commitment to safeguarding your information. For further inquiries, please contact our security team at compliance@orca.security or reach out to your account representative.

Orca Security Unaffected by Critical SharePoint Vulnerability (CVE-2025-53770)

Vulnerabilities

A critical remote code execution (RCE) vulnerability, CVE-2025-53770, has been identified in on-premises Microsoft SharePoint Servers, allowing unauthenticated attackers to gain control of affected systems.

Orca Security is not affected by this vulnerability. We do not use Microsoft SharePoint in any of our corporate or production environments. Our cloud-native platform and corporate systems are secure and not exposed to the risks associated with this or related SharePoint vulnerabilities (CVE-2025-53771, CVE-2025-49704, CVE-2025-49706). We continue to monitor the threat landscape to ensure the security of our systems.

If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.