CVE-2025-12735

CVSS 9.8 CRITICALEPSS 2.2%

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 2.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

05 Nov 2025Published on NVD

20 Nov 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

expr-eval-fork · expr-eval-fork silentmatt · expr-eval

public PoCs found — 4

githubgithub.com/alecasg555/safe-expr-eval★ 4 githubgithub.com/alnashawatirohwederb2167-max/cve-2025-12735-expr-eval-rce★ 0 githubgithub.com/AN5I/cve-2025-12735-expr-eval-rce★ 0 cve_referencegithub.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.jsunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/advisories/GHSA-jc85-fpwf-qm7x https://github.com/jorenbroekema/expr-eval https://github.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js https://github.com/silentmatt/expr-eval https://github.com/silentmatt/expr-eval/pull/288 https://kb.cert.org/vuls/id/263614 https://www.kb.cert.org/vuls/id/263614 https://www.npmjs.com/package/expr-eval https://www.npmjs.com/package/expr-eval-fork