**U.S. CISA Adds SmarterTools SmarterMail and React Native Community CLI Flaws to Its Known Exploited Vulnerabilities Catalog**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a crucial step in its ongoing effort to protect federal agencies and private organizations from cyber threats by adding two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

**React Native Community CLI Flaw Exposes Users to Remote Code Execution Attacks**

One of the newly added flaws, tracked as CVE-2025-11953, affects the React Native CLI's Metro development server. By default, this server binds to external interfaces and exposes a command injection flaw that can be exploited by unauthenticated attackers.

**"The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables," reads the advisory published by CISA.**
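The advisory's key point is the default bind to external interfaces. As an added defender-side check (not code from the article, CISA, or the React Native project), the script below parses a `ss -ltn` listing and reports development-server listeners reachable from the network; it assumes Metro's default TCP port 8081 and uses a constructed sample listing.

```python
import re

# Assumption: Metro listens on TCP 8081 by default; extend for other dev servers.
DEV_PORTS = {8081}
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sample in the format printed by `ss -ltn` on Linux (not real output).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      511    [::]:8081          [::]:*
LISTEN 0      128    127.0.0.1:8081     0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        yield addr, int(port)


def _is_loopback(addr):
    """True for addresses only reachable from the host itself."""
    return addr.startswith("127.") or addr in {"::1", "[::1]", "localhost"}


def exposed_dev_servers(ss_output, dev_ports=DEV_PORTS):
    """Return dev-server listeners bound to a wildcard or non-loopback address.

    A loopback-only bind (127.0.0.1 / ::1) is not reported; anything else on a
    dev-server port is reachable by other hosts and should be reviewed.
    """
    return sorted(
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if port in dev_ports and (addr in WILDCARD_ADDRS or not _is_loopback(addr))
    )


if __name__ == "__main__":
    for addr, port in exposed_dev_servers(SAMPLE_SS_OUTPUT):
        print(f"exposed dev server listener: {addr}:{port}")
```

On a real host, pipe `ss -ltn` output into `exposed_dev_servers` and treat any hit on an unpatched machine as a priority for updating the CLI and restricting the bind address.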

**VulnCheck Researchers Observe Real-World Attacks Weeks Before Disclosure**

Researchers at VulnCheck observed consistent, real-world attacks exploiting CVE-2025-11953 weeks before broad disclosure. The researchers spotted real-world exploitation of the flaw on December 21, 2025, and again in January, demonstrating that attackers have been actively using this vulnerability to run malicious code.

**Low EPSS Score Masks High-Risk Vulnerability**

Despite the observed attacks, the exploitation probability score (EPSS) assigned by VulnCheck is relatively low at 0.00405. This gap between observed exploitation and wider recognition highlights a critical issue: easy-to-exploit vulnerabilities like CVE-2025-11953 often remain under the radar until it's too late.

**SmarterTools SmarterMail Vulnerability Exposes Email Servers to Remote Code Execution Attacks**

The second newly added flaw, tracked as CVE-2026-24423, affects the SmarterMail email software developed by SmarterTools. The vulnerability, which was fixed in Build 9511, allows attackers to run malicious code on affected systems.

**"SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method," reads the advisory published by CISA. "The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application."**

**Experts Warn of the Risks of Unaddressed Vulnerabilities**

Experts warn that failing to address vulnerabilities like these can have severe consequences, including data breaches and system compromise. In response to this threat, CISA has ordered federal agencies to fix the vulnerabilities by February 26, 2026.

**Recommendations for Private Organizations**

To protect their networks against attacks exploiting these flaws, experts recommend that private organizations review the KEV catalog and address the identified vulnerabilities in their infrastructure as soon as possible. By taking proactive steps to address these vulnerabilities, organizations can significantly reduce their risk of being compromised by attackers.
