
CVE-2025-11953: The React Native Dev Server That Accepts Commands From Anyone on the Network

A critical RCE vulnerability in @react-native-community/cli let unauthenticated remote attackers execute arbitrary commands on the machine running the development server. 2 million weekly downloads. No authentication required.

Yumi Hirasako

Technical Writer

Developers think of their dev server as a local tool. It runs on their machine. It listens on localhost. Nobody else can reach it.

That assumption is mostly correct for most tools. It was not correct for the React Native CLI.

CVE-2025-11953 is a critical remote code execution vulnerability in @react-native-community/cli — the package that starts the Metro bundler when you run npm start in a React Native project. An unauthenticated attacker on the same network could send a request to that server and execute arbitrary commands on the developer's machine.

CVSS score: 9.8 — Critical.

2 million weekly downloads.


What the React Native CLI dev server actually does

When you run npm start, npm run android, or npx react-native start in a React Native project, the CLI launches the Metro bundler — a JavaScript bundler that compiles your app code, serves it to the connected device or emulator, and handles hot reloading.

The server exposes an HTTP interface. That interface is how the connected device asks for the latest bundle, how the reload signal gets sent, and how the dev tools communicate during development.

It was never designed to be a public server. The assumption was always: this runs on your machine, on your network, accessed only by your devices.

CVE-2025-11953 breaks that assumption. The vulnerability is in @react-native-community/cli-server-api — the package that handles incoming requests to that server. It processes requests from connected devices, and under vulnerable versions, it did not validate where those requests came from or what they contained.


How the exploit works

The Metro server exposes endpoints that accept device commands. In vulnerable versions of @react-native-community/cli-server-api, one of those endpoints accepted user-controlled input that was passed to an OS-level execution context without sanitization.

The behavior splits across two version ranges:

Versions 4.8.0 – 17.0.0:

An unauthenticated attacker can trigger execution of arbitrary executables already present on the machine. They can't supply arguments freely, which limits — but doesn't eliminate — what they can run. If a useful binary is on the machine (which on a developer machine, many are), this is already dangerous.

Versions 17.0.0 – 20.0.0-alpha.2:

Full arbitrary OS command execution with complete parameter control. An attacker can run any command they choose, with any arguments, as the user running the dev server. On a developer machine, that user typically has full access to the codebase, stored credentials, SSH keys, and cloud CLI configurations.

# What an attacker can do on a compromised developer machine:
cat ~/.ssh/id_rsa               # steal SSH private keys
cat ~/.aws/credentials          # steal AWS credentials
env                             # dump all environment variables
ls ~/                           # enumerate home directory

No authentication. No token. No session. Just a network request to the Metro server port — 8081 by default.


The second issue: the dev server isn't always localhost

The vulnerability in the CLI would be limited in scope if the Metro server was truly only reachable from the local machine. But JFrog's research identified a second issue in the React Native core codebase that changes this.

In some configurations, the Metro dev server binds to 0.0.0.0 instead of 127.0.0.1 — meaning it listens on all network interfaces, not just the loopback. On a developer machine connected to a corporate WiFi, a coffee shop network, or any shared environment, that means the server is reachable by any other device on the same network.

This is the combination that makes CVE-2025-11953 critical rather than just notable. The vulnerability is in the request handling. The network exposure means that vulnerability is reachable from outside the machine. Together: anyone on your network can execute commands on your laptop while you develop.


What a developer machine contains

Developer machine compromises are serious in a way that production server compromises sometimes aren't, for a simple reason:

A production server typically has a narrow, defined set of credentials and access. It has one job. A developer machine is the opposite.

~/.ssh/                    # SSH keys for every server you've ever connected to
~/.aws/credentials         # AWS credentials, often admin or broad access
~/.config/gcloud/          # GCP credentials
~/.kube/config             # Kubernetes cluster access
~/.gitconfig               # Git configuration and potentially tokens
~/Documents/               # Everything
/usr/local/bin/            # All your CLI tools

Plus whatever is currently open: browser sessions, active terminal sessions, database clients connected to production, Slack with sensitive conversation history.

A developer machine is the most privileged endpoint in most organizations. It's also the one with the least enforced security posture.


How to check if you're affected

# Check your current version
npm list @react-native-community/cli-server-api

Version range              Behavior                           Status
< 4.8.0                    Not affected                       Safe
4.8.0 – 16.x               Arbitrary executable execution     Vulnerable
17.0.0 – 20.0.0-alpha.2    Full RCE with parameter control    Critically vulnerable
20.0.0+                    Fixed                              Safe

To update:

npm install @react-native-community/cli@latest

Also check whether your React Native project was created with a vulnerable CLI version:

# If your project was created with a vulnerable CLI version, the server-api
# package may be bundled at that version even if you update the CLI globally
cd your-react-native-project
npm list @react-native-community/cli-server-api

The server-api package is commonly bundled with the CLI at matching versions. Update it explicitly if needed:

npm install @react-native-community/cli-server-api@latest
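The version table above and the nested-copy check are easy to get wrong by hand, especially around the 20.0.0-alpha.2 boundary. The script below is an added example (not the advisory's or the React Native project's code) that classifies every copy of cli-server-api found in an npm lockfile's "packages" map against the ranges stated in this article; the sample lockfile and the 'unverified' bucket for later 20.0.0 prereleases are my own constructions.

```javascript
// Added example, not from the advisory or the React Native project: classify
// every installed copy of @react-native-community/cli-server-api in an npm
// lockfile (v2/v3 "packages" map) against the version ranges in this article.
const PKG = '@react-native-community/cli-server-api';
// "20.0.0-alpha.2" -> { nums: [20, 0, 0], pre: ['alpha', 2] }; pre is null for releases.
function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  const pre = m[4] ? m[4].split('.').map((p) => (/^\d+$/.test(p) ? Number(p) : p)) : null;
  return { nums: [m[1], m[2], m[3]].map(Number), pre };
}
// Semver ordering: major.minor.patch first; a prerelease sorts before its release;
// numeric prerelease parts sort before alphanumeric ones.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  if (!x.pre || !y.pre) return (x.pre ? -1 : 0) + (y.pre ? 1 : 0);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    if (typeof p === 'number' && typeof q === 'number') return p - q;
    if (typeof p === 'number' || typeof q === 'number') return typeof p === 'number' ? -1 : 1;
    return p < q ? -1 : 1;
  }
  return 0;
}
// Ranges as stated in the article; 17.0.0 itself falls in the full-RCE range.
function classify(version) {
  if (cmp(version, '4.8.0') < 0) return 'safe';
  if (cmp(version, '17.0.0') < 0) return 'vulnerable: arbitrary executable execution';
  if (cmp(version, '20.0.0-alpha.2') <= 0) return 'critical: full RCE with parameter control';
  if (cmp(version, '20.0.0') < 0) return 'unverified: later 20.0.0 prerelease, check manually';
  return 'fixed';
}
// Nested copies live under node_modules/<dep>/node_modules/<PKG>, so match on the
// path suffix rather than only the hoisted path.
function scanLockfile(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`))
      hits.push({ path, version: entry.version, status: classify(entry.version) });
  }
  return hits;
}
// Constructed sample lockfile: a hoisted fixed copy plus a nested vulnerable one.
const SAMPLE_LOCK = { packages: {
  [`node_modules/${PKG}`]: { version: '20.0.0' },
  [`node_modules/old-tool/node_modules/${PKG}`]: { version: '18.0.0' },
} };
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`.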

Three things to do today

1. Update @react-native-community/cli to version 20.0.0 or higher.

This is the fix. Run it in every React Native project you maintain, not just your current one. The vulnerable package may be present in projects you haven't touched in months that you still occasionally start up.

2. Never run the dev server on a public or shared network without a VPN.

Coffee shops, hotel WiFi, conference networks, and open corporate networks all expose your dev server to other devices. If your Metro server binds to 0.0.0.0 on one of those networks, it's reachable. Use a VPN when developing on any network you don't fully control.

3. Check what's exposed on port 8081 right now.

# See if anything is currently listening on Metro's default port
lsof -i :8081

# Check what interface it's bound to (Linux: ss, macOS: netstat)
# If it shows 0.0.0.0:8081 (lsof prints this as *:8081) instead of 127.0.0.1:8081, it's network-exposed
ss -ltnp | grep ':8081'
netstat -an | grep 8081

If you see 0.0.0.0:8081 in the output while on a shared network, close the dev server and investigate your Metro configuration before restarting.


TL;DR

  • CVE-2025-11953 is a critical RCE vulnerability in @react-native-community/cli-server-api, CVSS 9.8, affecting versions 4.8.0 through 20.0.0-alpha.2.
  • An unauthenticated attacker on the same network can execute arbitrary commands on the machine running the React Native dev server.
  • In versions 17.0.0+, full command execution with arbitrary parameters is possible. Earlier versions allow running existing executables on the machine.
  • A second issue in React Native core can expose the Metro dev server on 0.0.0.0 instead of localhost, making it reachable from the entire local network.
  • Developer machines are high-value targets: SSH keys, cloud credentials, database access, and full codebase access are all typically present.
  • Fix: update @react-native-community/cli and cli-server-api to version 20.0.0+.

FAQ

Does CVE-2025-11953 affect production React Native apps?

No. The vulnerability is in the development server — the Metro bundler CLI that runs when you execute npm start or npx react-native start. Production builds don't include the CLI server. The risk is to the developer's machine and local network, not to end users of the compiled app.

Am I vulnerable if I only run the dev server on localhost?

A dev server bound to localhost is normally only reachable from that machine. But a second issue in the React Native core codebase can expose the Metro server on 0.0.0.0 in some configurations — making it reachable from other devices on the same network. If you ever ran the dev server on a shared or public network, the attack surface was significantly larger than localhost.

Which versions of @react-native-community/cli are affected?

Versions 4.8.0 through 20.0.0-alpha.2 are affected. The fix is in version 20.0.0. Run npm list @react-native-community/cli-server-api in your project to check your current version.

Is this only a risk on Windows, or does it affect macOS and Linux too?

On Windows, full arbitrary OS command execution with complete parameter control was confirmed across the full affected version range. On macOS and Linux, versions 4.8.0 to 17.0.0 allow running existing executables with limited parameter control. From 17.0.0 onward, full command execution was also confirmed on macOS and Linux. All platforms should update.
