Description

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, because input is insufficiently validated, an attacker can pass a crafted context object, or reference a member of the context object, in a call to evaluate() and trigger arbitrary code execution.

Status: Published | Reserved 2025-11-05 | Published 2025-11-05 | Updated 2025-11-22 | Assigner: certcc

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Product status

Any version: affected

Any version: affected

Credits

This issue was reported by Jangwoo Choe (UKO). (role: finder)

Patch validation assistance provided by GitHub user huydoppaz. (role: remediation verifier)

References

github.com/...c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js (exploit)

www.kb.cert.org/vuls/id/263614

github.com/silentmatt/expr-eval

github.com/jorenbroekema/expr-eval

www.npmjs.com/package/expr-eval-fork

www.npmjs.com/package/expr-eval

github.com/silentmatt/expr-eval/pull/288

github.com/advisories/GHSA-jc85-fpwf-qm7x (GitHub Security Advisory; third-party-advisory)

kb.cert.org/vuls/id/263614 (CERT/CC Advisory; third-party-advisory)

cve.org (CVE-2025-12735)

nvd.nist.gov (CVE-2025-12735)
