A high-severity Denial of Service (CVE-2025-55184) and a medium-severity Source Code Exposure (CVE-2025-55183) related to React Server Components have been disclosed affecting React versions 19.0. This includes Next.js which is used for internal applications at Makeswift as well as your deployed Makeswift applications.

To avoid exposure, Next.js and React need to be updated to their latest patched versions. Here’s what else you need to know specific to Makeswift

Actions we are taking

All affected Next.js applications at Makeswift have been upgraded to a patched version of Next.js, addressing the vulnerability.

Actions you need to take

For your deployed Makeswift applications, if you are using Next.js 13 through 16, you’ll need to upgrade to the latest patched version as soon as possible. For full patch details, you can refer to the Patched Versions table.