CVE-2025-12735

CRITICAL

expr-eval - RCE

Title source: llm

Description

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object, or use a member of the context object, to the evaluate() function and trigger arbitrary code execution.

Exploits (3)

nomisec · WORKING POC · 2 stars
by alecasg555 · poc
https://github.com/alecasg555/safe-expr-eval

nomisec · WORKING POC
by AN5I · poc
https://github.com/AN5I/cve-2025-12735-expr-eval-rce

nomisec · WORKING POC
by alnashawatirohwederb2167-max · poc
https://github.com/alnashawatirohwederb2167-max/cve-2025-12735-expr-eval-rce

Scores

CVSS v3 9.8
EPSS 0.0010
EPSS Percentile 27.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (4)
jorenbroekema/javascript_expression_evaluator 3.0.0
npm/expr-eval 0 (npm)
npm/expr-eval-fork 0 - 3.0.1 (npm)
silentmatt/javascript_expression_evaluator < 2.0.2
Published Nov 05, 2025
Tracked Since Feb 18, 2026