Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could potentially be exploited to run malicious operating system (OS) commands under certain conditions.
"The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's development server, posing a significant risk to developers," JFrog Senior Security Researcher Or Peles said in a report shared with The Hacker News.
The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package versions 4.8.0 through 20.0.0-alpha.2, and has b
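
As an added example (not code from the article or from the React Native project), this Node.js script checks a parsed package-lock.json for installs of "@react-native-community/cli-server-api" inside the range given above, 4.8.0 through 20.0.0-alpha.2, using SemVer precedence so prerelease versions compare correctly. The function names and the sample lockfile are constructed for illustration.

```javascript
// Package and inclusive range as stated in the article.
const PKG = "@react-native-community/cli-server-api";
const LOW = "4.8.0", HIGH = "20.0.0-alpha.2";

// Split "1.2.3-alpha.2" into numeric core and prerelease identifiers.
function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  return m && { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : [] };
}

// SemVer 2.0.0 precedence: negative, zero or positive.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  // A release outranks any prerelease of the same core version.
  if (!a.pre.length || !b.pre.length) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1; // fewer identifiers sorts first
    if (y === undefined) return 1;
    if (x === y) continue;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny) return +x - +y;
    if (nx !== ny) return nx ? -1 : 1; // numeric sorts before alphanumeric
    return x < y ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parse(String(version));
  return !!v && compare(v, parse(LOW)) >= 0 && compare(v, parse(HIGH)) <= 0;
}

// List affected installs in a parsed package-lock.json (lockfileVersion 2 or 3).
function findAffected(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.endsWith("node_modules/" + PKG) && isAffected(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed lockfile fragment, not taken from the article.
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/@react-native-community/cli-server-api": { version: "15.0.1" },
  "node_modules/a/node_modules/@react-native-community/cli-server-api": { version: "4.7.0" },
  "node_modules/b/node_modules/@react-native-community/cli-server-api": { version: "20.0.0-alpha.3" },
} };
console.log(findAffected(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`; nested copies pulled in by other dependencies are matched as well.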

The Hacker News
