CVE‑2025‑55182

Diane Roy
I'm New Here
December 18, 2025

We’re assessing exposure to CVE‑2025‑55182 (React Server Components) and the related Next.js advisory. Can anyone tell me if the Atlassian products are built using these components? I have contacted support 5 times and keep getting fobbed off.

2 answers

0 votes
Vishalakshi Narayana Swamy
Atlassian Team
December 22, 2025

Hi @Diane Roy

Welcome to Atlassian community!!

You recently asked whether your Confluence Cloud site is impacted by CVE‑2025‑55182, a critical remote code execution vulnerability affecting React Server Components (sometimes referred to as “React2Shell”).

Atlassian has completed an internal review of Confluence Cloud’s architecture and dependencies. Based on this investigation, Confluence Cloud is not affected by CVE‑2025‑55182. As a result, no action is required on your side to mitigate this CVE for Confluence Cloud.

As part of our standard security practice, Atlassian continuously monitors newly disclosed vulnerabilities in both Atlassian code and third‑party dependencies. If our assessment were ever to change, we would update our public documentation and advisories accordingly.

For general security information and future updates, you can refer to Atlassian’s Security Advisories page:
Security Advisories | Atlassian

Best Regards,

Vishalakshi Narayanaswamy

0 votes
Dan Breyen
Community Champion
December 18, 2025

Hi @Diane Roy I'm not sure if you're going to get an answer to your question from the Community here, but I did request that Support review this post.

I did find a few pages online that might be a good reference to Atlassian Security.

Atlassian Vulnerability Disclosure Portal 

Atlassian Security Advisories 

But neither of them referenced your CVE.

Hope that helps.

Diane Roy
December 18, 2025

Thank you, I have raised 5 separate support tickets asking this question and each time I've been told to raise a support ticket!! For a company the size of Atlassian it's pretty poor support.

Appreciate your answer.

 

Sunny Ape
Rising Star
December 21, 2025

Hello @Diane Roy 

Sorry to butt in, but I can provide a different perspective?

Atlassian have a huge number of staff working to constantly monitor security advisories then take action to update and keep their systems secure and in compliance with a vast number of internationally recognised security compliance standards they adhere to, so it's highly unlikely this one particular security vulnerability has somehow escaped their attention.

They would be well aware of CVE‑2025‑55182 and, if they were affected, have already taken action to mitigate it and will let everyone know about that in next month's Security Advisory Bulletin and also publish the same in the Vulnerability Disclosure Portal that @Dan Breyen has mentioned.

This is what they've done for more than a decade, rather than respond to individual audit requests or attestations on specific vulnerabilities.

I advise waiting until January for the next monthly advisory bulletin to be released.

Deployment type: Cloud
Product plan: Standard
Permissions level: Product Admin