CVE-2025-11953

Aliases:GHSA-399j-vxmf-hjvr

Analyzed

Published: 03 Nov 2025, 16:35

Last modified:06 Feb 2026, 04:55

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (cve.org)

EPSS Score

15.61% MEDIUM

16% probability +15.20%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

03 Nov 2025, 16:35

Published

Vulnerability first disclosed

05 Feb 2026, 00:00

Added to CISA KEV

React Native Community CLI OS Command Injection Vulnerability

06 Feb 2026, 04:55

Last Modified

Vulnerability information updated

26 Feb 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Exploits (2)

Affected Systems

References (16)