React Server Components Vulnerability 12/11

Written by
James Q Quick

12/12/2025

A high-severity Denial of Service (CVE-2025-55184) and a medium-severity Source Code Exposure (CVE-2025-55183) related to React Server Components have been disclosed; they affect React versions 19.0. This includes Next.js, which is used for internal applications at Commerce as well as by customers building storefronts with Catalyst and Makeswift.

To avoid exposure, Next.js and React need to be updated to their latest patched versions. Here is what else you need to know that is specific to Commerce.

Actions we are taking

All affected Next.js applications at Commerce have been upgraded to a patched version of Next.js, addressing these vulnerabilities. We have also released Catalyst v1.3.7, which ships with a patched version of Next.js.

Actions you need to take

If you are running a Catalyst-based headless storefront, you will need to update it to a version that includes the patched releases of Next.js and React. The following Catalyst versions incorporate these fixes.

@bigcommerce/catalyst-core@1.3.7

@bigcommerce/catalyst-makeswift@1.3.8

For migration details, refer to the Catalyst 1.3.7 Release Notes.
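To help triage a Catalyst storefront, here is an added example (not code from the advisory or from the Catalyst project) that reads the dependency specs from a package.json object and flags any Catalyst package declared below the minimum versions named above. The package.json content is constructed sample input, and the check treats a caret or tilde range as its lower bound, so the installed version in the lockfile should still be confirmed.

```javascript
// Minimum Catalyst releases named in the advisory.
const MINIMUM_VERSIONS = {
  "@bigcommerce/catalyst-core": "1.3.7",
  "@bigcommerce/catalyst-makeswift": "1.3.8",
};

// Parse "1.3.7", "^1.3.7", "~1.3.7" or "1.3.7-canary.2" into [major, minor, patch].
// Range operators are stripped, so the result is the lowest version the spec allows.
function parseVersion(spec) {
  const m = /^[\^~>=\s]*(\d+)\.(\d+)\.(\d+)/.exec(spec);
  if (!m) return null; // "latest", "workspace:*", git URLs etc. need manual review
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns findings for Catalyst packages that are below the minimum version
// or whose spec could not be parsed; packages not present are skipped.
function findOutdatedCatalystPackages(packageJson) {
  const deps = { ...(packageJson.dependencies || {}), ...(packageJson.devDependencies || {}) };
  const findings = [];
  for (const [name, minimum] of Object.entries(MINIMUM_VERSIONS)) {
    if (!(name in deps)) continue;
    const declared = parseVersion(deps[name]);
    if (declared === null) {
      findings.push({ name, spec: deps[name], status: "unparseable" });
    } else if (compareVersions(declared, parseVersion(minimum)) < 0) {
      findings.push({ name, spec: deps[name], status: "outdated", minimum });
    }
  }
  return findings;
}

// Constructed sample package.json for a storefront still on an older catalyst-core.
const samplePackageJson = {
  dependencies: {
    "@bigcommerce/catalyst-core": "^1.3.6",
    "@bigcommerce/catalyst-makeswift": "1.3.8",
    next: "15.0.0",
  },
};

console.log(findOutdatedCatalystPackages(samplePackageJson));
```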

Makeswift

Makeswift customers that are not using Catalyst should follow the Makeswift blog post for specific mitigation steps.
