Security researchers have disclosed a critical remote code execution (RCE) vulnerability in the React Native command-line interface that could let unauthenticated attackers run arbitrary operating-system commands on developers' machines. The flaw, tracked as CVE-2025-11953 and scored 9.8 out of 10 on the CVSS scale, affects the widely used @react-native-community/cli and the @react-native-community/cli-server-api packages and was patched in version 20.0.0.

What happened

JFrog's security research team identified the vulnerability in the React Native CLI's development server (Metro) and reported it to the maintainers before public disclosure. JFrog said the CLI package is downloaded roughly 1.5–2 million times per week, and senior researcher Or Peles warned that the flaw "allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's development server, posing a significant risk to developers."

The bug affects @react-native-community/cli-server-api versions 4.8.0 through 20.0.0-alpha.2 and has been fixed in version 20.0.0 and later.

How the flaw works

Two factors combine to make this a critical remote issue:

  • The Metro development server exposes an /open-url endpoint that accepts POST requests containing user-supplied data.
  • That input is passed directly to the open() function provided by the third-party open NPM package, which executes system-level commands when invoked by the platform's URI handlers.
  • Because the server sometimes binds to external network interfaces by default (rather than localhost), endpoints that were expected to be local-only can be reachable from other machines. On Windows, researchers demonstrated full shell command execution with controllable arguments (for example spawning calc.exe or creating files). On macOS and Linux the exploitation vectors are more constrained but still potentially exploitable through crafted URI schemes or file handlers.
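The two weaknesses above (an unvalidated value reaching a URL-opening sink, and a server reachable beyond loopback) are both addressable at the handler. The following is an added example, not code from the article or from the React Native CLI project: a minimal /open-url handler that validates the request before anything is handed to a launcher, and a server factory that binds to 127.0.0.1 by default. The JSON body shape `{"url": ...}`, the `launcher` callback standing in for the `open` package, and the loopback-only host allowlist are assumptions made for the example.

```javascript
// Added example (not from the article or the React Native CLI): validation a
// dev server should apply to /open-url input before calling a URL opener, plus
// a loopback-only bind. Body shape {"url": ...} and the host allowlist are assumed.

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Assumption: a local dev server only ever needs to open pages on itself.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Return {ok:true,url} for an absolute http(s) URL on an allowed host, else {ok:false,reason}.
function validateOpenUrl(raw) {
  if (typeof raw !== 'string' || raw.length > 2048) {
    return { ok: false, reason: 'url must be a short string' };
  }
  let url;
  try {
    url = new URL(raw);               // rejects relative strings and non-URLs
  } catch {
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} not allowed` };
  }
  return { ok: true, url: url.href };
}

// Handle one raw POST body. `launcher` is whatever actually opens the URL;
// it is only invoked after validation succeeds. Returns an HTTP-style result.
function handleOpenUrl(rawBody, launcher) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, reason: 'body must be JSON' };
  }
  const check = validateOpenUrl(parsed && parsed.url);
  if (!check.ok) return { status: 400, reason: check.reason };
  launcher(check.url);
  return { status: 200, opened: check.url };
}

// Create the server bound to loopback unless the caller opts out explicitly
// (the article's `--host 127.0.0.1` workaround, made the default).
function createDevServer({ host = '127.0.0.1', port = 8081,
                           launcher = (u) => console.log('would open', u) } = {}) {
  const http = require('node:http');
  const server = http.createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/open-url') {
      res.writeHead(404);
      return res.end();
    }
    let body = '';
    req.on('data', (chunk) => {
      body += chunk;
      if (body.length > 64 * 1024) req.destroy();   // cap body size
    });
    req.on('end', () => {
      const result = handleOpenUrl(body, launcher);
      res.writeHead(result.status, { 'content-type': 'application/json' });
      res.end(JSON.stringify(result));
    });
  });
  server.listen(port, host);
  return server;
}

// Constructed sample bodies (not real traffic) showing which requests pass.
const SAMPLE_BODIES = [
  '{"url":"http://localhost:8081/debugger-ui"}',
  '{"url":"file:///tmp/notes.txt"}',
  '{"url":"http://example.com/"}',
  '{"url":"ftp://localhost/"}',
  'not json',
];
for (const body of SAMPLE_BODIES) {
  console.log(body, '->', JSON.stringify(handleOpenUrl(body, () => {})));
}
```

Call `createDevServer()` to run the listener; the top-level loop only exercises the validation on the constructed bodies so the file runs offline. The key design choice is that the launcher is reached only through `handleOpenUrl`, so the scheme and host checks cannot be bypassed by another code path.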

Who is affected and how severe is the risk

  • Affected: Projects and developer machines running Metro via the vulnerable CLI packages (versions 4.8.0 through 20.0.0-alpha.2), including global installs.
  • Not affected: Projects that use alternative development servers (for example some frameworks like Expo that do not use Metro) are generally not impacted.
  • Severity: CVSS 9.8 (critical). The attack requires no authentication and can be performed over the network if the dev server is reachable.
  • Researchers and vendors warn that exploitation could lead to full compromise of developer workstations, exposure of source code, credentials, or other secrets that live on developer machines.

Patch and immediate mitigations

Meta's maintainers have released a fixed CLI in version 20.0.0. Developers should prioritize updating any vulnerable projects and global installs.

Practical steps for developers:

  • Check whether a project or your system has the vulnerable package installed:
    - In a project: `npm list @react-native-community/cli-server-api`
    - Globally: `npm list -g @react-native-community/cli-server-api`
  • If vulnerable, update to the patched release: `npm install @react-native-community/cli-server-api@20.0.0` (or update your project's React Native CLI to the latest published version).
  • If you cannot immediately upgrade, bind the development server to localhost as a workaround: `npx react-native start --host 127.0.0.1`.
  • Restrict access to development machines with host-level firewalls or network segmentation so Metro is not reachable from untrusted networks.
  • You can find React Native documentation and environment guidance on the official site: reactnative.dev. The affected NPM package page is also publicly available for version checks: npmjs.com/package/@react-native-community/cli-server-api.
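Running `npm list` by hand works for one project; across many repositories it is easier to read the JSON form of the tree (`npm ls --all --json`) and compare versions against the affected range the article gives (4.8.0 through 20.0.0-alpha.2). The following is an added example, not code from the article or the React Native project: a small semver comparison that handles the prerelease ordering (20.0.0-alpha.2 sorts below 20.0.0) and a walker over the nested `dependencies` objects that `npm ls --json` emits. The sample tree is constructed for the example and is not real project data.

```javascript
// Added example (not from the article or the React Native project): scan an
// `npm ls --all --json` tree for @react-native-community/cli-server-api versions
// inside the range the article lists as affected by CVE-2025-11953.

const PKG = '@react-native-community/cli-server-api';
const FIRST_VULNERABLE = '4.8.0';
const LAST_VULNERABLE = '20.0.0-alpha.2';

// Parse "major.minor.patch[-prerelease][+build]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : null,   // null means a release (no prerelease tag)
  };
}

// Compare prerelease identifier lists per semver 2.0: a release outranks any
// prerelease, numeric identifiers rank below alphanumeric ones, shorter lists rank lower.
function comparePre(a, b) {
  if (a === null && b === null) return 0;
  if (a === null) return 1;
  if (b === null) return -1;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    if (i >= a.length) return -1;
    if (i >= b.length) return 1;
    const x = a[i], y = b[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) {
      const d = Number(x) - Number(y);
      if (d !== 0) return d < 0 ? -1 : 1;
    } else if (xn) {
      return -1;
    } else if (yn) {
      return 1;
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  return 0;
}

// Returns -1, 0 or 1 like a sort comparator.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  return comparePre(pa.pre, pb.pre);
}

// True when FIRST_VULNERABLE <= version <= LAST_VULNERABLE.
function isVulnerable(version) {
  return compareSemver(version, FIRST_VULNERABLE) >= 0 &&
         compareSemver(version, LAST_VULNERABLE) <= 0;
}

// Walk the nested `dependencies` objects from `npm ls --json` and return the
// dependency path of every vulnerable occurrence of the package.
function findVulnerable(tree, path = [], out = []) {
  const deps = tree.dependencies || {};
  for (const [name, node] of Object.entries(deps)) {
    const here = [...path, `${name}@${node.version}`];
    if (name === PKG && node.version && isVulnerable(node.version)) out.push(here.join(' > '));
    findVulnerable(node, here, out);
  }
  return out;
}

// Constructed sample shaped like `npm ls --all --json` output (not real project data).
const SAMPLE_TREE = {
  name: 'sample-app',
  dependencies: {
    '@react-native-community/cli': {
      version: '19.1.0',
      dependencies: { [PKG]: { version: '19.1.0' } },
    },
    'some-dev-tool': {
      version: '1.0.0',
      dependencies: { [PKG]: { version: '20.0.0' } },
    },
  },
};

const hits = findVulnerable(SAMPLE_TREE);
console.log(hits.length ? `vulnerable:\n${hits.join('\n')}` : 'no vulnerable versions found');
```

To use it on a real project, replace `SAMPLE_TREE` with `JSON.parse` of the captured `npm ls --all --json` output; the `--all` flag matters because the package is usually a transitive dependency of `@react-native-community/cli` rather than a direct one.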

Perspectives and implications

Security teams say the incident highlights two recurring problems in modern software development:

  • Dangerous "sinks" in third-party dependencies. Here the open() function from a separate package performed an unsafe operation that the CLI code passed input to without sanitization.
  • Unexpected network exposure of developer tooling. Tools intended for local development can become attack surfaces when they bind to 0.0.0.0 or are otherwise reachable beyond localhost.

JFrog researchers urged organizations to adopt automated supply-chain scanning and stricter review of build and dev dependencies to detect such issues earlier. The vulnerability also reinforces the value of limiting network access to developer environments and rotating or segregating secrets so a single compromised workstation does not lead to broader exposure.

What developers and teams should do now

  • Audit repositories and CI builders for the vulnerable package and update to 20.0.0+.
  • Enforce local-only bindings for development servers by default and add network controls around developer hosts.
  • Run dependency scanning tools and integrate SBOMs (software bills of materials) into security workflows to catch risky transitive dependencies.
  • Revoke or rotate credentials that may have been exposed on developer machines if you suspect compromise.

This flaw is a reminder that developer tooling can be a high-value attack target. The patch is available, but teams should treat developer environments as part of their broader attack surface and apply both immediate mitigations and longer-term supply chain safeguards.
