Conversation
buherator
buherator
[RSS] Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
https://jfrog.com/blog/CVE-2025-11953-critical-react-native-community-cli-vulnerability
"The Metro development server [..] binds to external interfaces by default [...] The server%27s /open-url endpoint handles a POST request that includes a user-input value that is passed to the unsafe open() function provided by the open NPM package, which will cause OS command execution."
https://jfrog.com/blog/CVE-2025-11953-critical-react-native-community-cli-vulnerability
"The Metro development server [..] binds to external interfaces by default [...] The server%27s /open-url endpoint handles a POST request that includes a user-input value that is passed to the unsafe open() function provided by the open NPM package, which will cause OS command execution."
0
0
0