Vulnerability Details CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.5%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/advisories/GHSA-jc85-fpwf-qm7x
- https://github.com/jorenbroekema/expr-eval
- https://github.com/silentmatt/expr-eval
- https://github.com/silentmatt/expr-eval/pull/288
- https://kb.cert.org/vuls/id/263614
- https://www.npmjs.com/package/expr-eval
- https://www.npmjs.com/package/expr-eval-fork
- https://www.kb.cert.org/vuls/id/263614
- https://github.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js
Products affected by CVE-2025-12735
-
cpe:2.3:a:jorenbroekema:javascript_expression_evaluator:3.0.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:0.10.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:0.10.1
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:0.11.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:0.12.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.0.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.0.1
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.1.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.1.1
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.2.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.2.1
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.2.2
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:1.2.3
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:2.0.0
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:2.0.1
-
cpe:2.3:a:silentmatt:javascript_expression_evaluator:2.0.2