Third‑Party Security Issues and Basware's Response

Summary:

Basware monitors security vulnerabilities in the third-party software and open-source components used in our services. This document highlights the most significant publicly disclosed vulnerabilities that could be of concern to our customers.

How Basware Handles Security Advisories?

Basware reviews each advisory, and when our services are not impacted, this is clearly stated in the table below.
Our focus is on providing transparency and highlighting the issues most relevant to our customers.

Date	Link to Third party Vulnerability Advisory	CVE(s)	Status	Basware's Response
3/12/2025	Critical Security Vulnerability in React Server Components – React	CVE-2025-55182	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
22/09/2025	SonicWall Releases Advisory for Customers after Security Incident \| CISA	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
15/09/2025	"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
08/09/2025	npm Supply Chain Attack via Open Source maintainer compromise \| Snyk	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
10/05/2025	Oracle Security Alerts CVE-2025-61882	CVE-2025-61882	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.