Hackers Exploit React Native Metro Bug to Breach Systems
🔓 Security researchers warn that attackers are exploiting the critical CVE-2025-11953 flaw in the React Native Metro server to drop malicious Windows and Linux payloads. The issue abuses the development-only /open-url HTTP endpoint, which accepts POST requests and can pass a user-supplied URL unsanitized to the system open() call. JFrog disclosed the bug and it was fixed in @react-native-community/cli-server-api v20.0.0+, but active exploitation (Metro4Shell) has been observed delivering base64 PowerShell stagers and UPX-packed binaries.
