Policies
Available upon request.
In Response to the React2Shell Vulnerability
Following the disclosure of React2Shell (CVE-2025-55182), Addigy immediately conducted a review of all of its libraries, third-party packages, and systems.
After the review, we determined that none are vulnerable to React2Shell. We do not use the React framework, its server components, or Next.js in any of our systems.
The necessary components for the React2Shell vulnerability are not present in Addigy systems.
If you have any questions or need additional information, please contact our security team directly at security@addigy.com.
In Response to the Gainsight Security Incident
Update to Gainsight Security Incident
On Monday, December 15, 2025, Addigy completed its immediate and thorough investigation, which included verification with the Salesforce security team. The investigation confirms that no customer data was exposed, accessed, or exfiltrated during this incident.
To secure our environment and as a precautionary measure, we have invalidated and rotated all tokens for any related systems. Log analysis indicates the only information potentially accessed was minimal Addigy employee user data (specifically company usernames and emails), which belongs exclusively to our employees.
Your security and trust remain our highest priority. If you have any questions, please contact our security team directly at security@addigy.com.
On Saturday, November 22, 2025, Addigy was notified of an incident involving unauthorized access to its Salesforce Environment. The investigation suggests this occurred via a critical vulnerability in the integration between Gainsight Software and Salesforce.
This is a broader incident affecting organizations beyond Addigy, as detailed here: Salesforce Connection Failure
Impact and Investigation
- Addigy's Security Team is actively investigating the incident in collaboration with both Salesforce and Gainsight. Updates will be provided as the situation evolves.
- Core Services Unaffected: Addigy’s SaaS Cloud Interface and essential services related to Device Management and MDM remain functional and were not impacted.
- Data Exposure Status: At this time, the investigation indicates that only an internal Salesforce Environment login was attempted, and no customer data has been exposed. Further investigation is underway to affirm this conclusion.
Data Contained in Salesforce
Addigy uses Salesforce, one of its subprocessors, for sales automation and account management. The data stored includes Account Holder Names, Phone Numbers, and Emails.
If you have additional questions or need additional information, please contact security@addigy.com.
SOC 2 Type II Reports for 2024
We have recently completed our audit and received the finalized SOC 2 Type II and SOC 3 reports for 2024!
They are now available on our Security Portal for your review.
If you have any questions, please reach out to us at security@addigy.com or compliance@addigy.com.
SOC 2 Type II Reports for 2023
We have recently completed our audit and received our SOC 2 Type II and SOC 3 reports for 2023.
They are now available on our Security Portal for your review.
If you have any questions, please reach out to us at security@addigy.com or compliance@addigy.com.
Addigy Not Impacted by MOVEit Vulnerabilities
Addigy recently learned of a critical vulnerability involving MOVEit software.
Details of the vulnerabilities are in the following article: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/
As we do not use this software within the product, we are not impacted by this vulnerability in any way.





