CVE-2025-12735

CVSS 9.8 CRITICALEPSS 2.2%

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

expr-eval-fork · expr-eval-fork silentmatt · expr-eval

public PoCs found — 4

githubgithub.com/alecasg555/safe-expr-eval★ 4 githubgithub.com/alnashawatirohwederb2167-max/cve-2025-12735-expr-eval-rce★ 0 githubgithub.com/AN5I/cve-2025-12735-expr-eval-rce★ 0 cve_referencegithub.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.jsunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/advisories/GHSA-jc85-fpwf-qm7x https://github.com/jorenbroekema/expr-eval https://github.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js https://github.com/silentmatt/expr-eval https://github.com/silentmatt/expr-eval/pull/288 https://kb.cert.org/vuls/id/263614 https://www.kb.cert.org/vuls/id/263614 https://www.npmjs.com/package/expr-eval https://www.npmjs.com/package/expr-eval-fork