CVE-2025-11953
Published Nov 3, 2025
Last updated 3 days ago
AI description
CVE-2025-11953 is a vulnerability in the `@react-native-community/cli` NPM package, specifically affecting versions 4.8.0 through 20.0.0-alpha.2. The flaw stems from the Metro development server, used by React Native, binding to external interfaces by default and exposing an "/open-url" endpoint that is susceptible to OS command injection. An unauthenticated network attacker can send a POST request to that endpoint and run arbitrary executables. On Windows, attackers can execute arbitrary shell commands with fully controlled arguments. While macOS and Linux systems have somewhat more restricted exploitation paths, researchers believe arbitrary command execution is achievable there as well. The package has been patched in version 20.0.0.
- Description: The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
- Source: reefs@jfrog.com
- NVD status: Analyzed
- Products: react_native_community_cli
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: React Native Community CLI OS Command Injection Vulnerability
- Exploit added on: Feb 5, 2026
- Exploit action due: Feb 26, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- reefs@jfrog.com
- CWE-78
- Hype score: Not currently trending
🚨 React Native Community CLI (Metro4Shell): Critical Alert with Active Exploitation of CVE-2025-11953 https://t.co/lGbBWkNESY
@NicolasCoolman
9 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-11953 (React Native CLI OS command injection) and CVE-2026-24423 (SmarterMail missing authentication). #VulnerabilityUpdate #SoftwareRisk https://t.co/YCHFkiEwSY
@TweetThreatNews
8 Feb 2026
176 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
So CISA just added CVE-2025-11953 to the KEV catalog and honestly this one caught my eye. React Native CLI. CVSS 9.8. Unauthenticated command injection. 2 million downloads a week. Thread 🧵👇
@SysTrack40
8 Feb 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Just learned: A critical RCE flaw (CVE-2025-11953) in the React Native CLI npm package was recently added to CISA's list of actively exploited vulnerabilities! If you're a React Native dev, make sure to apply the fixes by February 26th. Keeping our projects secure is key!
@AtworkCody
7 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Hackers Exploit Critical React Native Metro Flaw to Compromise Developer Systems (CVE-2025-11953) 🔗 https://t.co/7y9AAzzvZV #cybersecurity #infosec #threatintel https://t.co/RsHLxgXd3I
@zerodaywire
7 Feb 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
Heads up, dev friends! There's a critical security flaw in the React Native Metro dev server that hackers are actively exploiting to deliver malware to Windows and Linux machines. It's tracked as CVE-2025-11953. Make sure your projects are patched up! Stay safe out there.
@AtworkCody
6 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds two known vulnerabilities to its catalog https://t.co/0Snq0txzN1 CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
@cloudsec_news
6 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Hackers managed to exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy #Rust #malware. #CyberSecurity #InfoSec https://t.co/w8xoXWO8mD https://t.co/P87EPC00WU
@twelvesec
6 Feb 2026
131 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Actively Exploited React Native CLI and SmarterMail Flaws to KEV — Patch Clock Starts Now CISA added CVE-2025-11953 (React Native Community CLI / Metro dev server OS command injection) and CVE-2026-24423 (SmarterMail unauthenticated RCE via ConnectToHub) to its K
@ThreatSynop
6 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-11953 React Native Community #CLI OS Command Injection Vulnerability https://t.co/Mwh3FElWh2
@ScyScan
6 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags Actively Exploited React Native CLI Command Injection (CVE-2025-11953) via Metro Dev Server CISA added CVE-2025-11953 to KEV after in-the-wild exploitation: attackers can send crafted POST requests to exposed React Native Metro Development Server endpoints to inje
@ThreatSynop
6 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags React Native Community CLI Command Injection (CVE-2025-11953) as Actively Exploited CISA added CVE-2025-11953 to the KEV catalog on Feb 5, 2026, warning attackers can hit exposed React Native Metro Development Servers with unauthenticated POST requests to execute
@ThreatSynop
6 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of React Native Community Command Injection Vulnerability Exploited in Attacks https://t.co/jk8L3dBTmm The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-11953 to its Known Exploited Vulnerabilities (KEV) catalog, flagging an OS comm
@f1tym1
6 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
US CISA has added vulnerabilities with confirmed exploitation (#KEV) to its catalog. (Added 2/5) 🛡️No.1507 CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability ============= CVSS score: 9.8 (Base) / JFrog CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
@piyokango
6 Feb 2026
2978 Impressions
1 Retweet
8 Likes
1 Bookmark
0 Replies
0 Quotes
The US Cybersecurity and Infrastructure Security Agency (CISA) has added React Native Community CLI's CVE-2025-11953 and SmarterMail's CVE-2026-24423 to its Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 2/26. SmarterMail is ... ransomware
@__kokumoto
6 Feb 2026
645 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
CVE-2025-11953 has been published. React Native Community CLI OS Command Injection.... Add it to your patching queue if applicable. Details: https://t.co/c5dLy169H2 #CVE #InfoSec #ReactNativeCommunity
@TomarPrateek23
5 Feb 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added React Native community CLI vulnerability CVE-2025-11953 & SmarterTools SmarterMail vulnerability CVE-2026-24423 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
5 Feb 2026
3835 Impressions
9 Retweets
36 Likes
7 Bookmarks
3 Replies
0 Quotes
A major wake-up call for the React Native ecosystem! CVE-2025-11953, aka Metro4Shell, transforms a path traversal flaw in the Metro bundler into a full RCE. This research is a game-changer for supply chain risk and securing local dev environments! 🚀 #ReactNative #Metro4Shell
@multiverso_info
5 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Whoa, React Native devs! Just caught wind of a critical security flaw (CVE-2025-11953) in the Metro development server. Turns out, unauthenticated attackers can exploit it to run commands on your system. Definitely something to be aware of! Stay safe out there.
@AtworkCody
5 Feb 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 React Native Metro vulnerability exploited to hit developer systems. Exploitation of a critical security vulnerability, CVE-2025-11953, in React Native's Metro server has been observed. This vulnerability allows attackers to deliver payloads
@MisbarSec
5 Feb 2026
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Active exploitation of CVE-2025-11953 (Metro4Shell) targets exposed React Native dev servers. Unauth RCE via Metro /open-url endpoint enables PowerShell loaders and deployment of cross-platform Rust malware. ~3,500 instances exposed. https://t.co/P1dQqokUOV
@MeridianEU
5 Feb 2026
87 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Today's Top Cybersecurity News – February 05, 2026 1. Critical Metro4Shell RCE Vulnerability Actively Exploited in React Native CLI The Metro4Shell vulnerability (CVE-2025-11953) in the React Native Metro Development Server is being actively exploited by threat actors to
@NewsNerdie
5 Feb 2026
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Metro4Shell exploited: React Native CLI flaw used to drop malware on Windows & Linux Attackers are exploiting CVE-2025-11953 (“Metro4Shell”) against exposed React Native development servers to deliver a multi-stage PowerShell loader that disables Microsoft Defender,
@ThreatSynop
5 Feb 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The React Native Metro vulnerability CVE-2025-11953 is reportedly being exploited, with confirmed intrusions into developer environments. About 3,500 servers are currently exposed. Network isolation of development environments and checking for updates are urgently needed. https://t.co/AMYrepJ61y #サ
@dejital_secure
4 Feb 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 React2Shell: 1.4 MILLION exploitation attempts! Cryptominers and reverse shells being dropped via CVE-2025-11953. Two IPs responsible for most of the attacks. Source: SecurityWeek https://t.co/V5R0xUaE34
@colapsodigital
4 Feb 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RCE vulnerability in React Native's Metro Server (CVE-2025-11953) actively exploited! Developers, update to @react-native-community/cli v20.0.0+ immediately. Link: https://t.co/lGHQu4icYc #Security #Vulnerability #Exploit #React #Update #Patch #Developers #Technology htt
@dailytechonx
4 Feb 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Hot off the press: CVE insights! Hackers breach developer systems using CVE-2025-11953 in React Native’s Metro. Discover how this critical flaw fuels cross-platform attacks. 🌐 Explore the write-
@PurpleOps_io
4 Feb 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Threat actors are weaponizing a critical remote code execution flaw (CVE-2025-11953) in the popular @react-native-community/cli npm package, allowing them to take full control of developer environments. This vulnerability, dubbed "Metro4Shell," poses a severe risk.
@gossy_84
4 Feb 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
THREAT ALERT: CVE-2025-11953 Metro4Shell actively exploited targeting React Native dev environments. 3,500+ exposed servers. Sovereign Protocol: Immediately audit all development endpoints, implement network segmentation, disable external Metro bindings. #TheSovereignProtocol
@sovereignexec
4 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 React Native devs: CVE-2025-11953 (Metro4Shell) RCE via Metro server - Windows and Linux. ~3,500 exposed servers. Active attacks since December. Update to v20.0.0+ Source: BleepingComputer https://t.co/2FY1Ct60Oe
@colapsodigital
4 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Metro4Shell (CVE-2025-11953) actively exploited to drop stealthy Rust malware on developers’ machines Attackers are exploiting React Native’s Metro dev server via the unauthenticated /open-url command-injection flaw (default bind to 0.0.0.0), running a base64 PowerShell
@ThreatSynop
4 Feb 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🛠️ Researchers warn a critical React Native Metro dev-server bug (CVE-2025-11953) is being exploited to execute commands and deliver multi-stage malware to Windows and Linux developer systems. 🏛️ CISA say
@greytech_ltd
4 Feb 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Link roundup: security news/articles for February 2 to 4] <Vulnerabilities> - Hackers breach development systems by exploiting a critical React Native Metro bug (CVE-2025-11953) https://t.co/EK07RUrPcP - US CISA, ransomware ...
@MachinaRecord
4 Feb 2026
171 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are attacking developers' systems using the CVE-2025-11953 (Metro4Shell) vulnerability in the React Native Metro server. December ...
@mmmezbahahmmed
4 Feb 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
VulnCheck reveals CVE-2025-11953 (Metro4Shell) was exploited in the wild since Dec 2025. Attackers target Windows & Linux dev servers. Patch now. #Metro4Shell #CVE202511953 #CyberSecurity #VulnCheck #DevSecOps #InfoSec #Exploit https://t.co/3sfcMUyyaq
@the_yellow_fall
4 Feb 2026
738 Impressions
4 Retweets
16 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Serious vulnerability found in React Native CLI! Metro4Shell (CVE-2025-11953) is being exploited, enabling remote code execution. If you're affected, update right away! 🛡️ Is your project OK? #セキュリティ #Reac
@motch_dev
4 Feb 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[Supply chain attack] React Native CLI vulnerability "Metro4Shell" exploited in real-world attacks, development environments targeted. Cybersecurity firm VulnCheck says the npm package "@react-native-community/cli", widely used in React Native development,
@nakajimeeee
4 Feb 2026
863 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 React Native “Metro4Shell” exploited in the wild to drop stealthy Rust malware Attackers are exploiting CVE-2025-11953 in the React Native CLI Metro dev server (OS command injection via unauthenticated POST requests when Metro is internet-exposed) to run a multi-stage ba
@ThreatSynop
3 Feb 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBER | Hackers are exploiting the critical flaw CVE-2025-11953 in React Native's Metro server, targeting developers' Windows and Linux systems. (Active exploitation confirmed.) https://t.co/pzXLB6GCPe
@ActuNumFR
3 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent reporting by BleepingComputer highlights a critical vulnerability in the React Native Metro server, CVE-2025-11953, which is being actively exploited by hackers to breach developer systems. While the technical details of the exploit are centered on a software flaw, the
@ox0ffff
3 Feb 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Earlier today, @Junior_Baines wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which @VulnCheckAI's Canary Intelligence network has been observing since December. Analysis: https://t.co/PHomixa179
@catc0n
3 Feb 2026
2259 Impressions
5 Retweets
12 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 Metro4Shell (CVE-2025-11953): Active RCE attacks hit exposed React Native Metro dev servers Threat actors are exploiting CVE-2025-11953 (aka “Metro4Shell”) in the React Native Community CLI’s Metro development server to achieve unauthenticated OS command execution when
@ThreatSynop
3 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit critical React Native Metro bug to breach dev systems Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in… https://t.co/kakoZdN5YH https://t.co/R2JRjGYAmm
@DConsultinguk
3 Feb 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure: Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are… https://t.co/xiEeeU3hwW
@shah_sheikh
3 Feb 2026
58 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers actively exploit Metro4Shell (CVE-2025-11953) to breach exposed React Native dev servers Threat actors are exploiting CVE-2025-11953 (CVSS 9.8) in the @react-native-community/cli Metro dev server to achieve unauthenticated RCE via the Metro interface, then launching
@ThreatSynop
3 Feb 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Active exploitation of Metro4Shell (CVE-2025-11953) hits React Native CLI npm package—critical 9.8 RCE flaw lets attackers run commands & drop Rust malware. Devs: patch now! Supply chain risks are real in 2026. #CyberSecurity #VulnCheck #npm https://t.co/Uy68a8ZSYr
@didehbanan
3 Feb 2026
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers exploit critical React Native Metro bug to breach dev systems • Threat actors are expl
@PurpleOps_io
3 Feb 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Researchers detect active exploitation of a critical React Native CLI flaw. CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload. 🔗 Read → https://t.co/VsXqvmFIhv
@BountyHuntHack
3 Feb 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers exploit “Metro4Shell” (CVE-2025-11953) to take over exposed React Native dev machines Threat actors are abusing the React Native Metro bundler flaw (unauthenticated RCE via the /open-url endpoint when Metro is internet-exposed) to run PowerShell, add Microsoft De
@ThreatSynop
3 Feb 2026
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical RCE flaw (Metro4Shell/CVE-2025-11953, CVSS 9.8) in React Native CLI npm package is actively being exploited! Update now! Details: https://t.co/3p8pjxyGGg #Metro4Shell #RCE #ReactNativ #SecurityAlert
@0xT3chn0m4nc3r
3 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E1FC34-6FDB-45F5-841F-F96C5012DC5C",
            "versionEndExcluding": "19.1.2",
            "versionStartIncluding": "19.0.0"
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:18.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C0FCA50-3DE2-4CD3-87AB-EA793072E856"
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "681E0D24-769A-4A3C-B19A-B260114B7291"
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3BBB26F-FAB1-49BB-A7EE-E9FDF0797B01"
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84D809F4-D4FF-44F4-857F-294D208F5C9E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
```