CVE-2025-62162 | THREATINT

Description

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.

PUBLISHED Reserved 2025-10-07 | Published 2025-10-10 | Updated 2025-10-10 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-20: Improper Input Validation

Product status

>= 0.10.0, < 0.11.4

affected

References

github.com/...l-rust/security/advisories/GHSA-wxwx-9fh7-5mrw

github.com/cel-rust/cel-rust/releases/tag/cel-v0.11.4

cve.org (CVE-2025-62162)

nvd.nist.gov (CVE-2025-62162)

Download JSON