{"id":16923,"date":"2025-11-07T11:43:25","date_gmt":"2025-11-07T03:43:25","guid":{"rendered":"https:\/\/www.quape.com\/?p=16923"},"modified":"2025-11-07T11:43:25","modified_gmt":"2025-11-07T03:43:25","slug":"cve-2025-11953-react-native-vulnerability","status":"publish","type":"post","link":"https:\/\/www.quape.com\/vi\/cve-2025-11953-react-native-vulnerability\/","title":{"rendered":"CVE-2025-11953 Critical React Native CLI Security Vulnerability"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p>React Native developers need to pay attention to CVE-2025-11953 right now. This security vulnerability was found in the @react-native-community\/cli package, and with around 2 million weekly downloads, it affects a massive number of projects. The issue scores 9.8 out of 10 on the CVSS scale, which is about as bad as it gets. What makes it particularly dangerous is that attackers can execute commands on your development machine without needing any credentials or special access. They just need to be on the same network.<\/p>\n<p>Security researchers at JFrog discovered the vulnerability and worked with Meta to fix it. 
The flaw lies in how the Metro development server handles incoming requests through the <code>\/open-url<\/code> endpoint.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_attackers_can_exploit_it\"><\/span><strong>How attackers can exploit it<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When you start your React Native project with <code>npm start<\/code> or similar commands, the Metro server binds to all network interfaces instead of just localhost. 
Most developers don't realize this.<\/p>\n<p>The <code>\/open-url<\/code> endpoint accepts POST requests but does not properly sanitize the input before passing it to the system shell. Someone on your network can send a crafted request containing malicious commands, and those commands will run on your machine with your user privileges.<\/p>\n<p>According to <a href=\"https:\/\/jfrog.com\/blog\/cve-2025-11953-critical-react-native-community-cli-vulnerability\/\" target=\"_blank\" rel=\"noopener\">JFrog's security advisory<\/a>, Windows systems are particularly exposed to full command execution, though macOS and Linux are also at risk.<\/p>\n<p>Think about what is stored on your development machine. 
Source code, API keys, database credentials, customer data for testing. 
An attacker could access all of this data, and that could have serious consequences for you and your company.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Check_if_youre_affected\"><\/span><strong>Check if you're affected<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>CVE-2025-11953 affects versions 4.8.0 through 20.0.0-alpha.2 of @react-native-community\/cli-server-api. Run this command in your project directory to check:<\/p>\n<pre><code class=\"language-bash\">npm list @react-native-community\/cli-server-api\r\n<\/code><\/pre>\n<p>Also check global installations:<\/p>\n<pre><code class=\"language-bash\">npm list -g @react-native-community\/cli-server-api\r\n<\/code><\/pre>\n<p>If you are using Expo or another framework that does not rely on Metro, you are probably safe. 
Otherwise, you need to update immediately.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fix_it_now\"><\/span><strong>Fix it now<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Update to version 20.0.0 or higher:<\/p>\n<pre><code class=\"language-bash\">npm install @react-native-community\/cli-server-api@latest\r\n<\/code><\/pre>\n<p>Do this for every React Native project on your machine, including old ones you haven't touched recently.<\/p>\n<p>If you can't update right away, use this temporary workaround:<\/p>\n<pre><code class=\"language-bash\">npx react-native start --host 127.0.0.1\r\n<\/code><\/pre>\n<p>This restricts the server to local connections only, blocking network-based attacks until you can update properly.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Why_development_security_matters\"><\/span><strong>Why development security matters<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Many developers focus their security efforts on production systems and overlook their development environments. 
However, development machines are valuable targets because they often hold unreleased source code, credentials, and access to internal networks.<\/p>\n<p>Research from <a href=\"https:\/\/owasp.org\/www-project-dependency-check\/\" target=\"_blank\" rel=\"noopener\">OWASP<\/a> shows that vulnerabilities in development dependencies are becoming common attack vectors. Attackers know that developers often have fewer security controls on their local machines than on production servers.<\/p>\n<p>A compromised development environment can lead to stolen source code, injected backdoors, compromised credentials, and supply chain attacks in which malicious code makes its way into legitimate software.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Better_security_practices\"><\/span><strong>Better security practices<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Keep your dependencies updated regularly. 
Set aside time each month to run <code>npm audit<\/code> and address any vulnerabilities it finds.<\/p>\n<p>When possible, use isolated or protected networks, especially in public places like coffee shops. A VPN can help but is not a complete answer if the vulnerability allows exploitation from the local network.<\/p>\n<p>Use automated scanning tools in your workflow. Snyk, npm audit, and similar tools can catch issues early. When you see security warnings during installation, don't ignore them just to get back to coding.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Protecting_your_production_systems\"><\/span><strong>Protecting your production systems<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>While fixing development vulnerabilities like CVE-2025-11953 is critical, your live websites need protection too. 
Websites constantly face threats from malware, hackers, and various exploits that can compromise your business and customer data.<\/p>\n<p>Regular security monitoring and scanning help catch problems before they become disasters. If you are concerned about your website's security or suspect something is wrong, professional security services can identify threats and provide clear remediation.<\/p>\n<p>Services like <a href=\"https:\/\/order.quape.com\/order\/hacked-website-recovery\/security-hardening\" target=\"_blank\" rel=\"noopener\">Quape's Security Hardening<\/a> provide comprehensive website protection with in-depth analysis and continuous monitoring. Prevention is always more cost-effective than dealing with a security breach after it has happened.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Take_action_today\"><\/span><strong>Take action today<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>CVE-2025-11953 shows that the tools we use every day can have serious security vulnerabilities. 
The React Native community patched this quickly, but applying that patch is your responsibility.<\/p>\n<p>Update your projects now, not later. Check all of your React Native installations. Make security updates part of your regular routine rather than something you only think about when a critical vulnerability makes the news.<\/p>\n<p>As of November 2025, there have been no widespread reports of active exploitation, but proof-of-concept code is publicly available. Once that information is out, it is only a matter of time before attackers start using it.<\/p>\n<p>Stay up to date on security advisories for your dependencies. Apply updates promptly. Follow basic security practices. These are no longer optional for responsible developers.<\/p>","protected":false},"excerpt":{"rendered":"<p>React Native developers need to pay attention to CVE-2025-11953 right now. 
This security vulnerability was found in the @react-native-community\/cli package, and with around 2 million weekly downloads, it affects a massive number of projects. The issue scores 9.8 out of 10 on the CVSS scale, which is about as bad as it gets. What makes [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16995,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93,24],"tags":[458],"class_list":["post-16923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-server","tag-cve-2025-11953"],"_links":{"self":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts\/16923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/comments?post=16923"}],"version-history":[{"count":0,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/posts\/16923\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/media\/16995"}],"wp:attachment":[{"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/media?parent=16923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/categories?post=16923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quape.com\/vi\/wp-json\/wp\/v2\/tags?post=16923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}