A React Native vulnerability has been exploited in the wild.

Threat actors have been exploiting the critical React Native vulnerability CVE‑2025‑11953, enabling remote OS command execution via the Metro development server. Initial exploitation was observed on December 21, with continued activity on January 4 and 21, despite limited public awareness of the threat. Attackers used multi‑stage PowerShell loaders to disable Microsoft Defender and deploy Rust‑based malware across Windows and Linux systems. The flaw exposes thousands of internet‑accessible React Native instances, highlighting how development tools become risky once reachable externally.

Read more:

https://www.securityweek.com/critical-react-native-vulnerability-exploited-in-the-wild/