Flaw in React Native CLI opens dev servers to attacks
Thursday 6 November 2025, 13:33, by InfoWorld
A critical remote-code execution (RCE) flaw in the widely used @react-native-community/cli (and its server API) lets attackers run arbitrary OS commands via the Metro development server, the default JavaScript bundler for React Native.
In essence, launching the development server with the standard commands (e.g. npm start or npx react-native start) can expose the machine to external attackers, because the server binds to all network interfaces (0.0.0.0) by default rather than limiting itself to localhost as the console message claims. According to JFrog researchers, the bug is a severe issue for developers of React Native apps. Exploitation on Windows is well demonstrated (full OS command execution via the unsafe open() call); the macOS/Linux paths are currently less straightforward, though the risk remains real and subject to further research. A fix is available, but development teams must move fast, JFrog researchers warned in a blog post.

Weak development server defaults

The vulnerability arises because the Metro development server, which is started through the CLI tool, exposes a /open-url HTTP endpoint that takes a URL parameter from a POST request and passes it directly to the open() function of the open npm package. On Windows, that string ends up in a "cmd /c ..." invocation, enabling arbitrary command execution. Adding to the problem is a misconfiguration in the CLI: it prints that the server is listening on "localhost", but under the hood the host value ends up undefined, so the server listens on 0.0.0.0 by default and is reachable from every network the machine is attached to. The combination of the insecure default binding and the flawed open() call creates the conditions for remote code execution, something rare and dangerous in a development-only tool.

"This vulnerability shows that even straightforward Remote Code Execution flaws, such as passing user input to the system shell, are still found in real-world software, especially in cases where the dangerous sink function actually resides in 3rd-party code, which was the imported 'open' function in this case," the researchers said.
The bug, tracked as CVE-2025-11953, has a CVSS score of 9.8 out of 10 and affects versions 4.8.0 through 20.0.0-alpha.2.

What must developers do now?

Developers using @react-native-community/cli (or the bundled cli-server-api) in their React Native projects should check whether a vulnerable package version is installed, for example with npm list (npm ls). The vulnerability is fixed in version 20.0.0 of cli-server-api, so updating immediately is recommended. The stakes include an attacker remotely executing commands on the victim's development machine, potentially leading to broader network access, code corruption, or malicious payloads injected into an app build. If updating isn't feasible right away, JFrog advised restricting the dev server to localhost by explicitly passing the --host 127.0.0.1 flag to reduce exposure.

"It's a reminder that secure coding practices and automated security scanning are essential for preventing these easily exploitable flaws before they make it to production," the researchers said, recommending JFrog SAST for identifying issues early in the development process.

The React Native CLI flaw mirrors a broader trend of attackers slipping into developer ecosystems, from npm packages with hidden payloads to rogue "verified" IDE extensions, turning trusted build tools into stealthy points of entry.
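The version check recommended above, as an added example that is not part of the article, the CLI project or JFrog's advisory: given the JSON that npm ls --all --json prints, it walks the dependency tree and reports every copy of the two packages named in the article whose version falls inside the affected range the article gives (4.8.0 up to but excluding 20.0.0, so the 20.0.0 pre-releases are included). Applying that one range to both package names is an assumption here, since the article states the range once; the dependency tree below is constructed for the demo, and nested copies pulled in by other tools are the case a plain top-level check misses.

```javascript
// Added example, not code from the article, the React Native CLI or JFrog.
// Flags affected copies of the packages the article names in an `npm ls --all --json`
// tree. Range (>= 4.8.0, < 20.0.0) is the one the article gives; applying it to both
// package names is an assumption of this example.
'use strict';

const AFFECTED_PACKAGES = new Set([
  '@react-native-community/cli',
  '@react-native-community/cli-server-api',
]);

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts; null if not semver.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : [] };
}

// Semver precedence: numeric fields first; a version carrying a pre-release tag sorts
// below the same numbers without one, so 20.0.0-alpha.2 < 20.0.0.
function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.max(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    if (a.pre[i] === undefined) return -1;
    if (b.pre[i] === undefined) return 1;
    const na = Number(a.pre[i]);
    const nb = Number(b.pre[i]);
    if (!Number.isNaN(na) && !Number.isNaN(nb)) {
      if (na !== nb) return na < nb ? -1 : 1;
    } else if (a.pre[i] !== b.pre[i]) {
      return a.pre[i] < b.pre[i] ? -1 : 1;
    }
  }
  return 0;
}

const RANGE_LOW = parseSemver('4.8.0');   // first affected version
const RANGE_FIX = parseSemver('20.0.0');  // first fixed version

function isAffectedVersion(version) {
  const v = parseSemver(version);
  if (!v) return false;
  return compareSemver(v, RANGE_LOW) >= 0 && compareSemver(v, RANGE_FIX) < 0;
}

// Walk the nested "dependencies" objects npm emits; return one "a@1 > b@2" path string
// per affected copy, including transitive ones that `npm ls <pkg>` at depth 0 hides.
function findAffected(tree, path = [], out = []) {
  const deps = tree.dependencies || {};
  for (const [name, node] of Object.entries(deps)) {
    const here = [...path, `${name}@${node.version}`];
    if (AFFECTED_PACKAGES.has(name) && isAffectedVersion(node.version)) {
      out.push(here.join(' > '));
    }
    findAffected(node, here, out);
  }
  return out;
}

// Constructed sample tree: the top-level CLI is already on the fixed release, but a
// legacy tool still pulls in an old cli-server-api underneath it.
const SAMPLE_NPM_LS = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    '@react-native-community/cli': {
      version: '20.0.0',
      dependencies: {
        '@react-native-community/cli-server-api': { version: '20.0.0' },
      },
    },
    'some-legacy-tool': {
      version: '2.1.0',
      dependencies: {
        '@react-native-community/cli-server-api': { version: '15.1.3' },
      },
    },
  },
};

// Real use: npm ls --all --json > tree.json, then
//   node -e "const m=require('./check.js');console.log(m.findAffected(require('./tree.json')))"
module.exports = { parseSemver, compareSemver, isAffectedVersion, findAffected, SAMPLE_NPM_LS };
```

On the sample tree the walker reports only the nested 15.1.3 copy; the fixed 20.0.0 copies are silent, and a 20.0.0-alpha.2 would still be flagged because semver orders pre-releases below the final release.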
https://www.infoworld.com/article/4085812/rce-in-react-native-cli-opens-dev-servers-to-attacks-2.htm