PoC details: e85764f22520b71f40ae26f09847e014378a55a5

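Source
Related vulnerability
Title: React Native Community CLI security vulnerability (CVE-2025-11953)
Description: React Native Community CLI is an open-source command-line tool from the React Native Community. React Native Community CLI has a security vulnerability: it binds to external interfaces by default and an endpoint contains an OS command injection flaw, which may allow an unauthenticated attacker to send a POST request and execute arbitrary commands.
Description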
CVE-2025-11953 demonstration: Critical RCE vulnerability in React Native CLI (CVSS 9.8). Educational security research with proof-of-concept exploits and mitigation strategies.
Introduction
# React Native CLI Command Injection Demo (CVE-2025-11953)

## ⚠️ VULNERABILITY DEMONSTRATION ⚠️

**JFSA-2025-001495618** - Critical Command Injection in React Native CLI

- **CVE**: CVE-2025-11953
- **CVSS Score**: 9.8 (Critical)
- **Affected Package**: @react-native-community/cli-server-api
- **Vulnerable Versions**: [4.8.0, 20.0.0)
- **Discovery**: JFrog Security Research Team
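
The version range above can be checked against a project's lockfile. The following is an added example, not code from this repository or from JFrog: it assumes the npm `package-lock.json` layout with a top-level `packages` map (lockfileVersion 2 or 3), the helper names are hypothetical, and the sample lockfile is constructed.

```javascript
// Added example: flag lockfile entries of the affected package inside [4.8.0, 20.0.0).
const AFFECTED = '@react-native-community/cli-server-api';
const MIN = [4, 8, 0];            // inclusive lower bound from the advisory
const MAX_EXCLUSIVE = [20, 0, 0]; // exclusive upper bound from the advisory

// Parse "major.minor.patch[-prerelease][+build]"; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v));
  if (!m) return null;
  return { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Assumption: semver ordering, so a prerelease sorts before its release
// (20.0.0-rc.1 is treated as inside the range, 4.8.0-beta.1 as below it).
function isVulnerable(version) {
  const p = parseVersion(version);
  if (!p) return false;
  const lo = cmp(p.nums, MIN);
  const hi = cmp(p.nums, MAX_EXCLUSIVE);
  if (lo < 0 || (lo === 0 && p.pre)) return false;
  return hi < 0 || (hi === 0 && p.pre);
}

// Walk the "packages" map, including copies nested under other dependencies.
function findVulnerable(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, info]) =>
      path.endsWith('node_modules/' + AFFECTED) && isVulnerable(info.version))
    .map(([path, info]) => ({ path, version: info.version }));
}

// Constructed sample lockfile, not taken from the PoC repository.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@react-native-community/cli-server-api': { version: '19.1.1' },
    'node_modules/legacy/node_modules/@react-native-community/cli-server-api': { version: '4.7.0' },
    'node_modules/other/node_modules/@react-native-community/cli-server-api': { version: '20.0.0' },
  },
};
console.log(findVulnerable(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findVulnerable` in place of `sampleLock`.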

## Vulnerability Summary

The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint (`/open-url`) that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables.

### Impact
- **Remote Code Execution (RCE)**
- **Command Injection**
- **No Authentication Required**
- **Network Accessible**

## Demo Structure

```
react-native-cli-command-injection-demo/
├── README.md                    # This file
├── vulnerable-setup/
│   ├── package.json            # Vulnerable version setup
│   ├── metro.config.js         # Metro configuration
│   └── start-vulnerable.js     # Script to start vulnerable server
├── exploit-examples/
│   ├── basic-exploit.sh        # Basic command injection example
│   ├── windows-exploit.sh      # Windows-specific exploit
│   ├── advanced-exploit.py     # Advanced exploitation script
│   └── payload-examples.json   # Various payload examples
├── secure-setup/
│   ├── package.json            # Fixed version setup
│   ├── metro.config.js         # Secure configuration
│   └── start-secure.js         # Secure server startup
└── mitigation/
    ├── SECURITY.md             # Security recommendations
    └── host-binding-examples.sh # Host binding examples
```

## Quick Start

### 1. Setup Vulnerable Environment
```bash
cd vulnerable-setup
npm install
npm run start:vulnerable
```

### 2. Run Exploit
```bash
cd exploit-examples
./basic-exploit.sh
```

### 3. Setup Secure Environment
```bash
cd secure-setup
npm install
npm run start:secure
```

## ⚠️ IMPORTANT SECURITY NOTICE

This demonstration is for educational purposes only. Do not use these examples in production environments or against systems you do not own. Always follow responsible disclosure practices.

## Links

- [JFrog Vulnerability Report](https://research.jfrog.com/vulnerabilities/react-native-cli-command-injection-jfsa-2025-001495618/)
- [JFrog Technical Blog](https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability)
- [Fix Commit](https://github.com/react-native-community/cli/commit/15089907d1f1301b22c72d7f68846a2ef20df547)
File snapshot

```
[4.0K] /data/pocs/e85764f22520b71f40ae26f09847e014378a55a5
├── [4.0K] exploit-examples
│   └── [2.8K] basic-exploit.sh
├── [5.9K] full-demo.ps1
├── [1.3K] LICENSE
├── [2.7K] README.md
├── [6.2K] realistic-attack-demo.ps1
├── [1.9K] simple-test.ps1
├── [4.0K] test-vulnerability.ps1
└── [4.0K] vulnerable-setup
    ├── [ 745] metro.config.js
    ├── [ 824] package.json
    ├── [4.2K] realistic-vulnerable-server.js
    └── [2.7K] start-vulnerable.js

3 directories, 11 files
```