Authentic8 Support

Associated CVE IDs
None Applicable to Authentic8

Description
Authentic8 confirms that the Silo platform does not utilize the specific React Server Components associated with the recently reported vulnerabilities highlighted below:

CVE-2025-55182 (Critical - CVSS 10.0): This is the primary “unauthenticated remote code execution” (RCE) vulnerability. It affects React Server Components (RSC) and allows an unauthenticated attacker to execute code on the server by sending a malicious request.
CVE-2025-66478: Next.js versions affected by the vulnerability above (often technically mapped back to CVE-2025-55182).

Authentic8 Security has completed an internal investigation and verified that our services are not directly impacted.

Findings
Following the disclosure of vulnerabilities affecting React Server Components, including potential unauthenticated remote code execution, Authentic8 Security immediately initiated a triage of our codebase.

We have determined that the vulnerable components are not present in our environment. Consequently, the Silo platform is not subject to these exploits.

To ensure comprehensive security, we have also contacted our third-party subprocessors to verify their status. We will continue to monitor the situation and update this advisory should any new relevant information emerge.

Disclaimer
Because this is a developing security event, Authentic8 reserves the right to change or update this advisory at any time and expects to update it as new information becomes available. This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in this advisory or materials linked herein is at your own risk.

Please contact Support for any additional questions