A critical vulnerability (CVE-2025-11953) in React Native's Metro development server is being actively exploited to deliver malware to Windows and Linux systems. The flaw allows unauthenticated attackers to execute arbitrary commands via OS command injection through an exposed endpoint. Despite proof-of-concept exploits

3m read timeFrom go.theregister.com
Post cover image

Sort: