Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk- 1787

Or Peles - JFrog. Posted 4 months ago.
  • When creating a React Native project, most developers use the package react-native-community/cli. It creates a project structure with the proper dependencies and configuration files. To start the application, use npx react-native start.
  • When the development server is running, React Native forwards commands to @react-native-community/cli, taking them from a URL parameter handled in runServer.js. The added middleware handler /open-url opens that URL via the open() function in Node.js. The reason this endpoint exists isn't explained in the article.
  • The open() command is very versatile, for good or for bad. On Windows, the argument is passed through cmd and executed using childProcess.spawn(). This also works for URLs, thanks to the default URL scheme handler. By placing a shell command in the parameter, it's possible to achieve RCE on the development machine via a single URL parameter.
  • On Unix-like operating systems, open() expects separate strings for the different CLI parameters, unlike Windows, so there's no easy path to RCE there. It can still perform remote file loading via smb:// and execute a local file via file://.
  • Wait, isn't this only on localhost? The dev server binds to 0.0.0.0 for some reason. What's hilarious about this is that there's a log message that says "Starting dev server on http://localhost:8081". Overall, a good post on the root cause of a pretty simple issue.