This week’s emergency release introduces a new detection signature that enhances coverage for a critical vulnerability in the React Native Metro Development Server, tracked as CVE-2025-11953.
Key Findings
The Metro Development Server exposes an HTTP endpoint that is vulnerable to OS command injection (CWE-78). An unauthenticated network attacker can send a crafted request to this endpoint and execute arbitrary commands on the host running Metro. The vulnerability affects Metro/cli-server-api builds used by React Native Community CLI in pre-patch development releases.
Impact
Successful exploitation of CVE-2025-11953 may result in remote command execution on developer workstations or CI/build agents, leading to credential and secret exposure, source tampering, and potential lateral movement into internal networks. Administrators and developers are strongly advised to apply the vendor’s patches and restrict Metro’s network exposure to reduce this risk.
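To check the "restrict Metro's network exposure" advice on a workstation or build agent, the following added example (not code from Cloudflare or the Metro project) parses `ss -H -ltn` output and reports Metro listeners bound to anything other than loopback. It assumes Metro runs on its default port 8081; the function names and the sample socket lines are constructed for illustration.

```javascript
// Added example: flag Metro dev-server listeners reachable from the network.
// Input is the text output of `ss -H -ltn` (Linux, no header, numeric).
// Assumption: Metro is on its default port 8081; pass another port if not.
const METRO_PORT = 8081;

// Split ss "Local Address:Port", e.g. "[::]:8081", "*:8081", "127.0.0.53%lo:53".
function splitLocal(local) {
  const idx = local.lastIndexOf(":");
  if (idx < 0) return null;
  const addr = local
    .slice(0, idx)
    .split("%")[0]            // drop interface scope such as "%lo"
    .replace(/^\[|\]$/g, ""); // drop IPv6 brackets
  const port = Number(local.slice(idx + 1));
  return Number.isInteger(port) ? { addr, port } : null;
}

// Loopback means 127.0.0.0/8, ::1, or the IPv4-mapped form of 127.x.x.x.
function isLoopback(addr) {
  if (addr === "::1") return true;
  return /^127(\.\d{1,3}){3}$/.test(addr.replace(/^::ffff:/i, ""));
}

// Return one finding per listener on `port` that is not loopback-only.
function findExposedMetro(ssOutput, port = METRO_PORT) {
  const findings = [];
  for (const line of ssOutput.split("\n")) {
    const cols = line.trim().split(/\s+/);
    if (cols.length < 5 || cols[0] !== "LISTEN") continue;
    const local = splitLocal(cols[3]);
    if (!local || local.port !== port || isLoopback(local.addr)) continue;
    const wildcard = ["0.0.0.0", "::", "*"].includes(local.addr);
    findings.push({ bind: cols[3], scope: wildcard ? "all-interfaces" : "single-interface" });
  }
  return findings;
}

// Constructed sample of `ss -H -ltn` output (not captured from a real host).
const SAMPLE_SS = [
  "LISTEN 0 511  127.0.0.1:8081    0.0.0.0:*",
  "LISTEN 0 511  0.0.0.0:8081      0.0.0.0:*",
  "LISTEN 0 511  [::1]:8081        [::]:*",
  "LISTEN 0 511  *:8081            *:*",
  "LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*",
  "LISTEN 0 511  192.168.1.20:8081 0.0.0.0:*",
  "LISTEN 0 128  0.0.0.0:22        0.0.0.0:*",
].join("\n");

console.log(findExposedMetro(SAMPLE_SS));
```

An empty result means every listener on the port is loopback-only; any finding is a host where the dev server should be rebound to localhost or firewalled.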
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | db6b9e1ac1494971ae8c70aac8e30c5b | N/A | React Native Metro – Command Injection – CVE:CVE-2025-11953 | N/A | Block | This is a New Detection |
Source: Cloudflare



