Blog Home

Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk
November 04, 2025

The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 – a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to …

Read More
Remote MPC - Blog_Thumbnail

Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients
July 09, 2025

The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted …

Read More

Popular Tags