CISA issues alert on expr-eval vulnerability enabling arbitrary code execution

The expr-eval JavaScript library, used for evaluating mathematical expressions in various software including Natural Language Processing (NLP) and Artificial Intelligence (AI) applications, contains a vulnerability that enables arbitrary code execution.

expr-eval and its fork expr-eval-fork parse and evaluate mathematical expressions; their Parser class and its evaluate() method are intended as a safer alternative to JavaScript's native eval() for interpreting user-defined input. expr-eval has over 250 dependent packages, including oplangchain. expr-eval-fork was created to address a Prototype Pollution issue (Issue #266) that remains unresolved in the original expr-eval repository, which has not been updated since September 28, 2019. The recently discovered vulnerability (CVE-2025-12735) allows an attacker to define arbitrary functions within the parser's context object, making it possible to inject code that executes system-level commands. This vulnerability, tracked as GitHub Advisory GHSA-jc85-fpwf-qm7x, has been addressed by Pull Request #288. Separately, CVE-2025-13204 covers the earlier Prototype Pollution vulnerability, which remains unpatched in expr-eval but was addressed in the expr-eval-fork release dated January 10, 2024.

This vulnerability permits an attacker who can influence the inputs processed by expr-eval to execute arbitrary commands on the host system. Because this grants total control over the software's behavior or full disclosure of all information on the affected system, the Technical Impact is classified as Total under the SSVC framework.

The resolution is to apply the patch introduced by Pull Request #288 or to upgrade to the latest patched versions of expr-eval or expr-eval-fork when available. The patch introduces an allow-list of functions that evaluate() may call, requires custom functions to be registered explicitly, and adds test cases to confirm these constraints are enforced.
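As an added illustration, and not expr-eval's own code, the hypothetical mini-evaluator below contrasts the weak pattern behind this class of bug, where the evaluation context doubles as the function namespace, with the hardened design the patch describes: a fixed allow-list plus explicit registration. The names SafeEvaluator, registerFunction and resolveFunction, and the AST shape, are assumptions; expression parsing is omitted.

```javascript
// Hypothetical mini-evaluator (not expr-eval's code) modelling the fix described
// above: callees resolve only from a fixed allow-list or explicit registration,
// never from the caller-supplied context object.
const ALLOWED_BUILTINS = Object.freeze({
  abs: Math.abs, sqrt: Math.sqrt, max: Math.max, min: Math.min,
});
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Weak pattern: the context object doubles as the function namespace, so any
// function-valued entry placed in it becomes callable from an expression.
function resolveFromContext(name, context) {
  const fn = context[name];
  if (typeof fn !== 'function') throw new Error(`"${name}" is not a function`);
  return fn;
}

class SafeEvaluator {
  constructor() { this.registered = new Map(); } // explicit registrations only

  registerFunction(name, fn) {
    if (typeof fn !== 'function') throw new TypeError('fn must be a function');
    this.registered.set(name, fn);
  }
  // Hardened pattern: allow-list first, then registrations; context is never consulted.
  resolveFunction(name) {
    if (hasOwn(ALLOWED_BUILTINS, name)) return ALLOWED_BUILTINS[name];
    if (this.registered.has(name)) return this.registered.get(name);
    throw new Error(`function "${name}" is not registered`);
  }

  // AST nodes: {type:'num',value} | {type:'var',name} | {type:'call',name,args}
  evaluate(node, context = {}) {
    switch (node.type) {
      case 'num': return node.value;
      case 'var': {
        if (!hasOwn(context, node.name)) throw new Error(`unknown variable "${node.name}"`);
        const v = context[node.name];
        if (typeof v !== 'number') throw new TypeError(`"${node.name}" is not numeric`);
        return v; // values only: a function stored here is never invoked
      }
      case 'call':
        return this.resolveFunction(node.name)(...node.args.map((a) => this.evaluate(a, context)));
      default: throw new Error(`unsupported node type "${node.type}"`);
    }
  }
}
// Constructed sample: a context carrying a function-valued entry next to data.
const sampleContext = { x: 9, hook: () => 'hook ran' };
const callHook = { type: 'call', name: 'hook', args: [{ type: 'var', name: 'x' }] };
const callSqrt = { type: 'call', name: 'sqrt', args: [{ type: 'var', name: 'x' }] };
```

With the same context, resolveFromContext hands back the smuggled function while SafeEvaluator refuses it, which is the behavioural difference the allow-list plus mandatory registration is meant to guarantee.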

Recognition is given to Jangwoo Choe for responsibly reporting the vulnerability, to huydoppaze for contributions enhancing the patch, and to GitHub Security and Network Performance Monitor (NPM) for their roles in issuing security advisories and performing automated vulnerability audits. This advisory was authored by Vijay Sarvepalli and Renae Metcalf.