Hackers Exploit Critical React Native CLI Flaw to Deploy Rust Malware Before Public Disclosure

Attackers are actively exploiting a critical vulnerability in the React Native CLI Metro server, identified as CVE-2025-11953. The exploitation occurred several weeks before the public disclosure of the vulnerability. Hackers used this flaw to execute remote commands and deploy malware developed in Rust. The vulnerability stems from the fact that the React Native CLI Metro development server binds by default to external interfaces, thus exposing the system to attacks. This exploitation demonstrates a targeted campaign using stealthy malware written in Rust.