A vulnerability in React Native's Metro Server, dubbed Metro4Shell, has been exploited in the wild since December 21, 2025. The flaw allows unauthenticated remote attackers to execute arbitrary OS commands on Windows systems. Exploitation involves a multi-stage PowerShell-based loader delivered through cmd.exe, which disables Microsoft Defender, establishes a connection to an attacker-controlled host, and executes a downloaded binary. The attacks originated from multiple IP addresses and targeted both Windows and Linux systems. Despite ongoing exploitation, the vulnerability has not received widespread public acknowledgment, highlighting the gap between actual threats and recognized risks in cybersecurity.