Trust Center


Welcome to Automox's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Our Automox Security Team embodies over three decades of operational expertise in designing and safeguarding large-scale, multi-tenant cloud and internet applications. In line with our dedication to fostering transparency and security, we mandate that all team members undergo stringent background checks before employment. This proactive approach ensures that our team operates in an environment that is both secure and transparent, reinforcing our commitment to creating a safer world.

Documents

2024 Bug Bounty Transparency Report
Trust Center Updates

Security Update – React2Shell (CVE-2025-55182)

Vulnerabilities

Automox’s Security team proactively evaluated our environment for any potential exposure to the React2Shell vulnerability (CVE-2025-55182). Using a purpose-built scanner and direct verification of framework versions, we confirmed that Automox’s web applications do not exhibit the vulnerable behavior and utilize React versions not affected by this issue.

At this time, there is no evidence of vulnerability or impact to Automox systems or customer data. We continue to perform routine validation across all components as part of our ongoing security best practices.

Automox will update this advisory promptly if new information becomes available.

F5 Security Incident

Incidents

Automox utilizes the open-source version of NGINX, which is maintained by F5, Inc. Following F5’s disclosure of a security incident in August 2025 involving certain internal systems, Automox conducted an internal review to assess any potential impact to our environments or customers.

Based on F5’s official disclosure and our independent verification, Automox systems were not affected. F5 has publicly stated:

“We have no evidence that the threat actor accessed or modified the NGINX source code or product development environment, nor do we have evidence they accessed or modified our F5 Distributed Cloud Services or Silverline systems.”
— F5 Security Incident Disclosure

Link: https://my.f5.com/manage/s/article/K000154696

Automox continues to monitor the situation and maintain communication with trusted partners to ensure the integrity and security of our software supply chain.

Salesloft Drift Incident

Incidents

Automox discontinued use of the Drift product, including the Salesforce integration, in April 2025. Per our standard practice, the API keys that allowed Drift to integrate with our Salesforce tenant were disabled.

On August 25, 2025, the Automox security team was alerted by an industry partner that our name had appeared in a non-public victim list. We were able to ascertain the precise job id of the query that the actor attempted to run against our Salesforce tenant on August 18th. Salesforce Support confirmed to us that the query was unsuccessful and returned no data. We also confirmed that additional indicators from various threat reports were not run against the Automox Salesforce tenant.

Regardless, we immediately rotated all API keys and credentials stored in Salesforce, including Salesforce credentials themselves. We further conducted a proactive investigation of all systems which had Drift integrations between August 8th and 18th, but we found no anomalous activity. We disabled any remaining integrations from Drift to our internal systems.

Notepad++ flagged by EDR Software

General

There was a recent update pushed for version 8.8.3. The Notepad++ team provided an update on their blog as well. The relevant links are below.

https://notepad-plus-plus.org/news/v883-self-signed-certificate/

We are aware of EDR software flagging Notepad++ as malware. The maintainers are also aware of this issue and have posted to their website; a related GitHub issue was posted last week as well. Moreover, PatchSafe caught Notepad++ and our Security Operations team investigated and determined that it was a false positive. The relevant links are below.

https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/

https://github.com/notepad-plus-plus/notepad-plus-plus/issues/16770

Ingress Nginx Update

Vulnerabilities

Today, Automox updated our ingress controller in response to the Ingress Nightmare vulnerability released by Wiz Security. Customers may have noticed a brief disruption to remote control and other API services in the console as the upgrades happened. If you have further questions, please contact customer support.

If you think you may have discovered a vulnerability, please send us a note.