Site24x7 Response to Axios Vulnerability Report

We are aware of the vulnerabilities reported on March 31, 2026, affecting specific versions of the Axios npm package (versions 1.14.1 and 0.30.4).

Upon thorough review and internal validation, we confirm that Site24x7 does not use the affected vulnerable versions within our environment. We continue to proactively monitor third-party dependencies and enforce strict security practices to ensure the integrity and safety of our services.

OpenSSL Security Vulnerability Update (CVE-2025-15467)

Following the public disclosure of CVE-2025-15467 on January 27, 2026, affecting certain OpenSSL releases, the Site24x7 security team completed a targeted assessment focused on the Site24x7 agent.


Our assessment confirms that while OpenSSL libraries are included in certain Site24x7 components, including the Site24x7 agent, the vulnerability is not exploitable in our architecture. The Site24x7 agent operates exclusively with outbound communication, does not accept inbound connections, and does not process external or untrusted CMS (PKCS#7) data. As a result, there is no viable attack surface for this issue.


We continue to monitor OpenSSL advisories and update dependencies through our standard security release process. Customers should independently assess and patch OpenSSL usage within their own environments as recommended. There is currently no evidence of active exploitation affecting Site24x7.

Security Review Update: React Server Components Vulnerability (CVE-2025-55182)

Site24x7 has completed a security review following the disclosure of the React Server Components remote code execution vulnerability tracked as CVE-2025-55182. Our evaluation confirms that Site24x7 services are not affected by this issue.

We continue to track upstream advisories and industry guidance related to this vulnerability. Customers should independently evaluate their application stacks and apply the recommended remediation steps for any affected components within their environments.

Supply Chain Security Notice: Shai-Hulud NPM Worm Activity

In response to the Shai-Hulud malware campaign targeting NPM packages, the Site24x7 security team performed an in-depth review of our dependency ecosystem and runtime environments. We have confirmed that Site24x7 has not been impacted by either the original campaign or subsequent variants.

As part of our ongoing security practices, Site24x7 has strengthened monitoring controls to detect malicious package behavior and continuously reviews dependencies for emerging threats. In addition, we actively monitor for potential exposure of Site24x7 credentials and notify customers promptly if any risk is identified.

2025 Penetration Testing Assessment

The 2025 penetration testing for Site24x7 was successfully completed by an independent, certified external security vendor. The assessment evaluated the security posture of Site24x7 applications and supporting infrastructure. Summary reports and certifications are available through our security portal.

OR

OR

Please be informed that confidential security documents will be shared only with the verified Site24x7 users upon the execution of a Non-Disclosure Agreement (NDA).

Kindly provide your verified Site24x7 email address:





This request will be forwarded to the Site24x7 Support team for verification.
The requested report will be shared upon successful validation and completion of the NDA process.
Your request has been successfully submitted. Our support team will get back to you shortly.
Site24x7 Logo Trust Center
Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
Compliance Certifications
ISO/IEC 27001
ISO/IEC 27001
ISO/IEC 27701
ISO/IEC 27701
ISO/IEC 27017
ISO/IEC 27017
ISO/IEC 27018
ISO/IEC 27018
SOC 2 Type II
SOC 2 Type II
SOC 1 Type II
SOC 1 Type II
ISO/IEC 9001
ISO/IEC 9001
ISO/IEC 22301
ISO/IEC 22301
GDPR
GDPR
CCPA
CCPA
TX-RAMP Level 2
TX-RAMP Level 2
CSA STAR LEVEL ONE
CSA STAR LEVEL ONE
CSA STAR LEVEL TWO
CSA STAR LEVEL TWO
ENS
ENS
DESC
DESC
Risk Profile
Third Party Dependencies
Yes
Hosting
Self Hosted
Product Security
Audit Logging
Role Based Access Control(RBAC)
MFA
View More
Reports
Pentest Report
Self-Assessments
CAIQ
Data Security
Encryption at Rest
Encryption in Transit
Data Backups
View More
App Security
Bug Bounty Program
Code Analysis
Software Development Lifecycle
Vulnerability & Patch Management