4 matches found
React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)
The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability CVE-2025-11953 in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw...
Exploit for CVE-2025-11953
React Native CLI Command Injection Demo CVE-2025-11953 ⚠...