Critical Metro4Shell Vulnerability in React Native Actively Exploited by Cybercriminals

A critical vulnerability named Metro4Shell, referenced as CVE-2025-11953, affects the React Native ecosystem and is being actively exploited by cybercriminals. The flaw targets the Metro development server, which is used within React Native. No specific date of exploitation or disclosure is mentioned. The article states that malicious actors are leveraging this vulnerability but does not detail the concrete impacts or specific targets.