Intrusions leveraging the critical React Native Community CLI NPM package vulnerability, tracked as CVE-2025-11953, have been launched to compromise Windows and Linux systems with malware since late December, reports SecurityWeek.

After initially targeting the flaw, which has been dubbed Metro4Shell, on Dec. 21, threat actors exploited the issue again on Jan. 4 and Jan. 21 to deliver a multi-stage PowerShell-based loader, according to VulnCheck. The loader deactivates Microsoft Defender and establishes a raw TCP connection to the attacker-controlled host before retrieving and executing an illicit Rust-based payload with anti-analysis capabilities. The integration of evasion tactics into the primary execution flow indicates that the attackers expected endpoint security measures to be present.

"CVE-2025-11953 is not remarkable because it exists. It is remarkable because it reinforces a pattern defenders continue to relearn. Development infrastructure becomes production infrastructure the moment it is reachable, regardless of intent," VulnCheck added.
Vulnerability Management, Patch/Configuration Management, Threat Intelligence
Attacks involving critical React Native bug target Windows, Linux systems




