CVE-2025-11953
Published Nov 3, 2025
Last updated a month ago
- Description: The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
- Source: reefs@jfrog.com
- NVD status: Analyzed
- Products: react_native_community_cli
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: React Native Community CLI OS Command Injection Vulnerability
- Exploit added on: Feb 5, 2026
- Exploit action due: Feb 26, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- reefs@jfrog.com: CWE-78
- Hype score: Not currently trending
Top 10 CVEs for ecosystem (30 days). CVE-2010-5139 CVE-2004-0200 CVE-2008-0015 CVE-2024-43468 CVE-2025-40551 CVE-2018-17144 CVE-2025-11953 CVE-2026-2441 CVE-2026-1731 https://t.co/cWlQJaYf4S #CyberInsights #SecurityUpdate #CyberTrends #TechSecurity #CyberNews #DataProtection
@vulnsocial
2 Mar 2026
#hackers #Hackers managed to exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy #Rust #malware. #CyberSecurity #InfoSec https://t.co/gJRSRYaaaF https://t.co/YOcLUUYiDh
@white_cherry_1
24 Feb 2026
🔴 #React Native CLI, #OS Command Injection, #CVE-2025-11953 (Critical) https://t.co/M38S0wnBWR
@dailycve
18 Feb 2026
🚨 CRITICAL THREAT ALERT 🚨 🔍 Critical React Native Vulnerability Actively Exploited in the Wild CVE-2025-11953 — Critical OS command injection in React Native Community CLI's Metro Development Server /open-url endpoint (CVSS 9.8). Unauthenticated network attackers sen
@threadlinqs
17 Feb 2026
🚨 Your Precious Dev Tools Are Now Malware Delivery Vehicles While Prague Sips Lukewarm Pilsner A critical command injection vulnerability in the React Native Metro development server, tracked as CVE-2025-11953, is being actively exploited to compromise Windows and Linux
@Aftershockindex
15 Feb 2026
CISA KEV alert 26/02/05: React Native Community CLI vulnerability CVE-2025-11953 added https://t.co/NxZAttuHAF The cause of this issue is that the Community used for managing React Native projects
@iototsecnews
13 Feb 2026
Hey React Native friends, big news! A critical vulnerability (CVE-2025-11953) in the Metro dev server is under active attack right now. It allows remote code execution, so definitely update your projects and stay safe out there!
@AtworkCody
10 Feb 2026
React Native CLI Metro server vulnerability CVE-2025-11953: active exploitation confirmed https://t.co/w8wdYIC9DN The cause of this issue is the vulnerability CVE-2025-11953 in the Metro server that supports React Native development
@iototsecnews
10 Feb 2026
Cyber attackers are exploiting the critical vulnerability CVE-2025-11953 (also known as Metro4Shell) in the popular npm package "@react-native-community/cli". This security flaw, whose CVSS score
@Teeegra
9 Feb 2026
🚨 React Native Community CLI (Metro4Shell): Critical Alert with Active Exploitation of CVE-2025-11953 https://t.co/lGbBWkNESY
@NicolasCoolman
9 Feb 2026
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-11953 (React Native CLI OS command injection) and CVE-2026-24423 (SmarterMail missing authentication). #VulnerabilityUpdate #SoftwareRisk https://t.co/YCHFkiEwSY
@TweetThreatNews
8 Feb 2026
So CISA just added CVE-2025-11953 to the KEV catalog and honestly this one caught my eye. React Native CLI. CVSS 9.8. Unauthenticated command injection. 2 million downloads a week. Thread 🧵👇
@SysTrack40
8 Feb 2026
Just learned: A critical RCE flaw (CVE-2025-11953) in the React Native CLI npm package was recently added to CISA's list of actively exploited vulnerabilities! If you're a React Native dev, make sure to apply the fixes by February 26th. Keeping our projects secure is key!
@AtworkCody
7 Feb 2026
🚨Hackers Exploit Critical React Native Metro Flaw to Compromise Developer Systems (CVE-2025-11953) 🔗 https://t.co/7y9AAzzvZV #cybersecurity #infosec #threatintel https://t.co/RsHLxgXd3I
@zerodaywire
7 Feb 2026
Heads up, dev friends! There's a critical security flaw in the React Native Metro dev server that hackers are actively exploiting to deliver malware to Windows and Linux machines. It's tracked as CVE-2025-11953. Make sure your projects are patched up! Stay safe out there.
@AtworkCody
6 Feb 2026
CISA adds two known vulnerabilities to its catalog https://t.co/0Snq0txzN1 CVE-2025-11953 React Native Community CLI OS command injection vulnerability CVE-2026-24423 SmarterTools SmarterMail missing authentication for critical function vulnerability
@cybersecnews_jp
6 Feb 2026
#Hackers managed to exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy #Rust #malware. #CyberSecurity #InfoSec https://t.co/w8xoXWO8mD https://t.co/P87EPC00WU
@twelvesec
6 Feb 2026
🚨 CISA Adds Actively Exploited React Native CLI and SmarterMail Flaws to KEV — Patch Clock Starts Now CISA added CVE-2025-11953 (React Native Community CLI / Metro dev server OS command injection) and CVE-2026-24423 (SmarterMail unauthenticated RCE via ConnectToHub) to its K
@ThreatSynop
6 Feb 2026
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-11953 React Native Community #CLI OS Command Injection Vulnerability https://t.co/Mwh3FElWh2
@ScyScan
6 Feb 2026
🚨 CISA Flags Actively Exploited React Native CLI Command Injection (CVE-2025-11953) via Metro Dev Server CISA added CVE-2025-11953 to KEV after in-the-wild exploitation: attackers can send crafted POST requests to exposed React Native Metro Development Server endpoints to inje
@ThreatSynop
6 Feb 2026
🚨 CISA Flags React Native Community CLI Command Injection (CVE-2025-11953) as Actively Exploited CISA added CVE-2025-11953 to the KEV catalog on Feb 5, 2026, warning attackers can hit exposed React Native Metro Development Servers with unauthenticated POST requests to execute
@ThreatSynop
6 Feb 2026
CISA Warns of React Native Community Command Injection Vulnerability Exploited in Attacks https://t.co/jk8L3dBTmm The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-11953 to its Known Exploited Vulnerabilities (KEV) catalog, flagging an OS comm
@f1tym1
6 Feb 2026
US CISA has added a vulnerability with confirmed exploitation to its #KEV catalog. (Added 2/5) 🛡️No.1507 CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability ============= CVSS score: 9.8 (Base) / JFrog CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
@piyokango
6 Feb 2026
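The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-11953 in React Native Community CLI and CVE-2026-24423 in SmarterMail to its Known Exploited Vulnerabilities catalog. The remediation deadline is the usual 2/26. As for SmarterMail, ransomware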
@__kokumoto
6 Feb 2026
CVE-2025-11953 has been published. React Native Community CLI OS Command Injection.... Add it to your patching queue if applicable. Details: https://t.co/c5dLy169H2 #CVE #InfoSec #ReactNativeCommunity
@TomarPrateek23
5 Feb 2026
🛡️ We added React Native community CLI vulnerability CVE-2025-11953 & SmarterTools SmarterMail vulnerability CVE-2026-24423 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
5 Feb 2026
A major wake-up call for the React Native ecosystem! CVE-2025-11953, aka Metro4Shell, transforms a path traversal flaw in the Metro bundler into a full RCE. This research is a game-changer for supply chain risk and securing local dev environments! 🚀 #ReactNative #Metro4Shell
@multiverso_info
5 Feb 2026
Whoa, React Native devs! Just caught wind of a critical security flaw (CVE-2025-11953) in the Metro development server. Turns out, unauthenticated attackers can exploit it to run commands on your system. Definitely something to be aware of! Stay safe out there.
@AtworkCody
5 Feb 2026
🚨 React Native Metro vulnerability exploited to hit developer systems Exploitation of a critical security vulnerability, CVE-2025-11953, has been observed in React Native's Metro server. This vulnerability allows attackers to deliver payloads
@MisbarSec
5 Feb 2026
Active exploitation of CVE-2025-11953 (Metro4Shell) targets exposed React Native dev servers. Unauth RCE via Metro /open-url endpoint enables PowerShell loaders and deployment of cross-platform Rust malware. ~3,500 instances exposed. https://t.co/P1dQqokUOV
@MeridianEU
5 Feb 2026
Today's Top Cybersecurity News – February 05, 2026 1. Critical Metro4Shell RCE Vulnerability Actively Exploited in React Native CLI The Metro4Shell vulnerability (CVE-2025-11953) in the React Native Metro Development Server is being actively exploited by threat actors to
@NewsNerdie
5 Feb 2026
🚨 Metro4Shell exploited: React Native CLI flaw used to drop malware on Windows & Linux Attackers are exploiting CVE-2025-11953 (“Metro4Shell”) against exposed React Native development servers to deliver a multi-stage PowerShell loader that disables Microsoft Defender,
@ThreatSynop
5 Feb 2026
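The React Native Metro vulnerability CVE-2025-11953 is reportedly being exploited, with intrusions into developer environments confirmed. About 3,500 servers are exposed. Network isolation of development environments and checking for updates are urgent. https://t.co/AMYrepJ61y #サ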
@dejital_secure
4 Feb 2026
🚨 React2Shell: 1.4 MILLION exploitation attempts! Cryptominers and reverse shells being dropped via CVE-2025-11953. Two IPs responsible for most of the attacks. Source: SecurityWeek https://t.co/V5R0xUaE34
@colapsodigital
4 Feb 2026
Critical RCE vulnerability in React Native's Metro Server (CVE-2025-11953) actively exploited! Developers, update to @react-native-community/cli v20.0.0+ immediately. Link: https://t.co/lGHQu4icYc #Security #Vulnerability #Exploit #React #Update #Patch #Developers #Technology htt
@dailytechonx
4 Feb 2026
📢 𝐇𝐨𝐭 𝐨𝐟𝐟 𝐭𝐡𝐞 𝐩𝐫𝐞𝐬𝐬: 𝐂𝐕𝐄 𝐢𝐧𝐬𝐢𝐠𝐡𝐭𝐬! Hackers breach developer systems using CVE-2025-11953 in React Native’s Metro. Discover how this critical flaw fuels cross-platform attacks. 🌐 Explore the write-
@PurpleOps_io
4 Feb 2026
🗞️ Threat actors are weaponizing a critical remote code execution flaw (CVE-2025-11953) in the popular @react-native-community/cli npm package, allowing them to take full control of developer environments. This vulnerability, dubbed "Metro4Shell," poses a severe risk.
@gossy_84
4 Feb 2026
THREAT ALERT: CVE-2025-11953 Metro4Shell actively exploited targeting React Native dev environments. 3,500+ exposed servers. Sovereign Protocol: Immediately audit all development endpoints, implement network segmentation, disable external Metro bindings. #TheSovereignProtocol
@sovereignexec
4 Feb 2026
🚨 React Native devs: CVE-2025-11953 (Metro4Shell) RCE via Metro server - Windows and Linux. ~3,500 servers exposed. Attacks active since December. Update to v20.0.0+ Source: BleepingComputer https://t.co/2FY1Ct60Oe
@colapsodigital
4 Feb 2026
🚨 Metro4Shell (CVE-2025-11953) actively exploited to drop stealthy Rust malware on developers’ machines Attackers are exploiting React Native’s Metro dev server via the unauthenticated /open-url command-injection flaw (default bind to 0.0.0.0), running a base64 PowerShell
@ThreatSynop
4 Feb 2026
⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🛠️ Researchers warn a critical React Native Metro dev-server bug (CVE-2025-11953) is being exploited to execute commands and deliver multi-stage malware to Windows and Linux developer systems. 🏛️ CISA say
@greytech_ltd
4 Feb 2026
[Link roundup: security news/articles for February 2-4] <Vulnerabilities> ・Hackers exploit critical React Native Metro bug to breach development systems (CVE-2025-11953) https://t.co/EK07RUrPcP ・US CISA, ransomware
@MachinaRecord
4 Feb 2026
Hackers are attacking developers' systems using the CVE-2025-11953 (Metro4Shell) vulnerability in the React Native Metro server. Decemb
@mmmezbahahmmed
4 Feb 2026
VulnCheck reveals CVE-2025-11953 (Metro4Shell) was exploited in the wild since Dec 2025. Attackers target Windows & Linux dev servers. Patch now. #Metro4Shell #CVE202511953 #CyberSecurity #VulnCheck #DevSecOps #InfoSec #Exploit https://t.co/3sfcMUyyaq
@the_yellow_fall
4 Feb 2026
🚨 Serious vulnerability found in React Native CLI! Metro4Shell (CVE-2025-11953) is being exploited, enabling remote code execution. If you are affected, update as soon as possible! 🛡️ Is your project OK? #セキュリティ #Reac
@motch_dev
4 Feb 2026
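[Supply chain attack] React Native CLI vulnerability "Metro4Shell" exploited in real-world attacks, development environments targeted Cybersecurity company VulnCheck, regarding the npm package widely used in React Native development, "@react-native-community/cli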
@nakajimeeee
4 Feb 2026
🚨 React Native “Metro4Shell” exploited in the wild to drop stealthy Rust malware Attackers are exploiting CVE-2025-11953 in the React Native CLI Metro dev server (OS command injection via unauthenticated POST requests when Metro is internet-exposed) to run a multi-stage ba
@ThreatSynop
3 Feb 2026
🚨 CYBER | Hackers are exploiting the critical flaw CVE-2025-11953 in React Native's Metro server, targeting developers' Windows and Linux systems. (Active exploitation confirmed). https://t.co/pzXLB6GCPe
@ActuNumFR
3 Feb 2026
Recent reporting by BleepingComputer highlights a critical vulnerability in the React Native Metro server, CVE-2025-11953, which is being actively exploited by hackers to breach developer systems. While the technical details of the exploit are centered on a software flaw, the
@ox0ffff
3 Feb 2026
Earlier today, @Junior_Baines wrote about in-the-wild exploitation of React Metro Server CVE-2025-11953, which @VulnCheckAI's Canary Intelligence network has been observing since December. Analysis: https://t.co/PHomixa179
@catc0n
3 Feb 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "99E1FC34-6FDB-45F5-841F-F96C5012DC5C",
            "versionEndExcluding": "19.1.2",
            "versionStartIncluding": "19.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:18.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C0FCA50-3DE2-4CD3-87AB-EA793072E856",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha0:*:*:*:*:*:*",
            "matchCriteriaId": "681E0D24-769A-4A3C-B19A-B260114B7291",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha1:*:*:*:*:*:*",
            "matchCriteriaId": "D3BBB26F-FAB1-49BB-A7EE-E9FDF0797B01",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:react-native-community:react_native_community_cli:20.0.0:alpha2:*:*:*:*:*:*",
            "matchCriteriaId": "84D809F4-D4FF-44F4-857F-294D208F5C9E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]