← Menace / CVE-2025-11953
CVE-2025-11953
Critique
React Native Community CLI OS Command Injection Vulnerability.
React Native Community · CLI
Exploitabilité (EPSS)
62.4 %
percentile mondial 99
Sévérité (CVSS)
9.8
CVSS v3.1
Ajoutée au KEV
05 févr. 2026
échéance CISA · 26 févr. 2026
Description
React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute arbitrary shell commands with fully controlled arguments.
Action requise (CISA)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Familles de faiblesses
CWE-78 · Injection de commande système (OS)
Signal de priorisation (inspiré SSVC)
Examiner rapidement
Exploitation
Active (catalogue KEV)
Active (catalogue KEV)
Automatisable
Inconnu
Inconnu
Impact technique
Total
Total
Orientation, pas une décision : le 4ᵉ facteur SSVC (impact mission/société) dépend du contexte de votre organisation. Méthode ↗