Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Critical React Native Metro Dev Server Bug Under Attack

Unauthenticated attackers exploited CVE-2025-11953 to execute arbitrary code on 3,500 exposed React Native Metro servers across Windows, Linux, and macOS, researchers said.

Summary by The Register
: Too slow react-ion time

6 Articles

The RegisterThe Register
Center

Critical React Native Metro dev server bug under attack

: Too slow react-ion time

Read Full Article
BleepingComputerBleepingComputer
Center

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.

Read Full Article
technewstube.comtechnewstube.com

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers. . . .

Read Full Article
cybernoz.comcybernoz.com

Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers - Cybernoz - Cybersecurity News

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary honeypot network first detected operational exploitation of CVE-2025-11953 dubbed “Metro4Shell” on December 21, 2025, with continued attacks observed in January 2026, yet the vulnerability remains largely unrecognized in public sec…

Read Full Article
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

Critical React Native Vulnerability Exploited in the Wild

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical React Native Vulnerability Exploited in the Wild The post Critical React Native Vulnerability Exploited in the Wild appeared first on IT Security N…

Read Full Article
The Hacker NewsThe Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Tuesday, February 3, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Windows icon

Windows

Cyberattacks icon

Cyberattacks

Linux icon

Linux

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal