Summary:

Basware monitors security vulnerabilities and Threat feeds in the third-party software and open-source components that may be used in our services. This document highlights the most significant public disclosed advisories that could be of concern to our customers.

How Basware Handles Security Advisories?

• Our focus is on providing transparency and highlighting the issues most relevant to our customers. 
• Basware reviews advisory from industry-recognized and authoritative sources and evaluates their potential relevance to our services. Where no impact is identified, this is clearly stated in the table below 

 

Date	Link to Security advisory	CVE(s)	Status	Basware's Response
3/12/2025	Critical Security Vulnerability in React Server Components – React	CVE-2025-55182	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
22/09/2025	SonicWall Releases Advisory for Customers after Security Incident | CISA	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
15/09/2025	"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
08/09/2025	npm Supply Chain Attack via Open Source maintainer compromise | Snyk	NA	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.
10/05/2025	Oracle Security Alerts CVE-2025-61882	CVE-2025-61882	Not Affected	Basware has reviewed this advisory and confirms that none of its services are affected.