
CISA updates on a vulnerability in expr-eval JavaScript library enabling code execution

The expr-eval JavaScript package, used to parse and evaluate mathematical expressions in a range of applications, including Natural Language Processing (NLP) and Artificial Intelligence (AI) tooling, contains a vulnerability that allows an attacker to execute arbitrary code on affected systems.

The vulnerability, tracked as CVE-2025-12735, affects versions of the expr-eval and expr-eval-fork libraries that parse and evaluate mathematical expressions through the Parser class and its evaluate() method. These libraries are meant to evaluate user-supplied expressions safely, as an alternative to JavaScript's native eval(), particularly in server-side environments where access to local resources must be restricted. The flaw allows an attacker who controls input to evaluate() to supply crafted data that defines arbitrary functions in the parser's context (variables) object; the parser then calls those functions, which can lead to system-level command execution.

A related issue, CVE-2025-13204, covers an earlier Prototype Pollution vulnerability in expr-eval that remains unfixed in the original project but was addressed in expr-eval-fork as of its 2024-01-10 release. The fix for CVE-2025-12735 was merged via Pull Request #288. Both CVEs are cataloged in GitHub Advisory GHSA-jc85-fpwf-qm7x and can be flagged by automated tooling such as npm audit, the dependency checker built into the Node.js package manager.

An attacker who controls an input field that an application passes to expr-eval can exploit this vulnerability to run arbitrary commands on the host system. Under the SSVC framework this is a total technical impact: the attacker gains full control of the software's behavior or complete disclosure of system information.

To address this issue, developers and users should apply the fix from Pull Request #288 or upgrade to a patched release of expr-eval or expr-eval-fork as soon as one is available. The patch introduces an allowlist of functions that evaluate() is permitted to call, a mandatory registration step for any custom functions, and additional test cases that enforce these restrictions. Until a fixed version is deployed, applications should treat everything that reaches evaluate(), the context object as well as the expression string, as untrusted input.
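To make the bug class described above and the shape of the fix concrete, the following is an added example written for this page; it is not code from expr-eval, expr-eval-fork or Pull Request #288. It builds a small expression evaluator of its own (the names tokenize, parse, evaluate, unsafePolicy, safePolicy, evalUnsafe, evalSafe and hijackDemo are all invented) with two name-resolution policies: the unsafe one resolves function calls through the caller-supplied variables object, which is the pattern the vulnerability description points at, while the safe one only calls functions registered in an allowlist at setup time and accepts numbers only from the variables object, mirroring the allowlist and mandatory registration that the patch description mentions. The attacker-controlled input in hijackDemo is constructed for the example.

```javascript
// Added example for this page, not expr-eval's code; every name here is invented. It
// shows the bug class behind CVE-2025-12735: an evaluator that resolves function calls
// through the caller-supplied variables object. safePolicy mirrors the shape of the
// fix described for PR #288 (an allowlist plus explicit registration of functions).

function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*\/(),]))/y;
  const tokens = [];
  for (let s = src.trim(), pos = 0; pos < s.length; pos = re.lastIndex) {
    re.lastIndex = pos;
    const m = re.exec(s);
    if (!m) throw new SyntaxError(`unexpected character at offset ${pos}`);
    tokens.push(m[1] !== undefined ? { t: 'num', v: Number(m[1]) }
              : m[2] !== undefined ? { t: 'id', v: m[2] } : { t: 'op', v: m[3] });
  }
  return tokens;
}

// Recursive-descent parser: + - * /, unary minus, parentheses and name(arg, ...).
function parse(tokens) {
  let i = 0;
  const is = (v) => i < tokens.length && tokens[i].t === 'op' && tokens[i].v === v;
  const expect = (v) => { if (!is(v)) throw new SyntaxError(`expected ${v}`); i++; };
  function unary() {
    const tk = tokens[i++];
    if (!tk) throw new SyntaxError('unexpected end of input');
    if (tk.t === 'num') return { k: 'num', v: tk.v };
    if (tk.t === 'id' && !is('(')) return { k: 'var', name: tk.v };
    if (tk.t === 'id') {
      i++;
      const args = [];
      while (!is(')')) { args.push(expr()); if (is(',')) i++; else break; }
      expect(')');
      return { k: 'call', name: tk.v, args };
    }
    if (tk.v === '(') { const e = expr(); expect(')'); return e; }
    if (tk.v === '-') return { k: 'neg', e: unary() };
    throw new SyntaxError(`unexpected token ${tk.v}`);
  }
  const binary = (sub, ops) => () => {
    let l = sub();
    while (ops.some(is)) { const op = tokens[i++].v; l = { k: 'bin', op, l, r: sub() }; }
    return l;
  };
  const term = binary(unary, ['*', '/']);
  const expr = binary(term, ['+', '-']);
  const ast = expr();
  if (i !== tokens.length) throw new SyntaxError('trailing input');
  return ast;
}

// Shared tree walker; the policy decides how variable and function names resolve.
function evaluate(ast, vars, policy) {
  const ev = (n) => {
    if (n.k === 'num') return n.v;
    if (n.k === 'neg') return -ev(n.e);
    if (n.k === 'var') return policy.resolveVariable(n.name, vars);
    if (n.k === 'call') return policy.resolveFunction(n.name, vars)(...n.args.map(ev));
    const a = ev(n.l), b = ev(n.r);
    return n.op === '+' ? a + b : n.op === '-' ? a - b : n.op === '*' ? a * b : a / b;
  };
  return ev(ast);
}

// Vulnerable: the variables object doubles as the function namespace and is read with plain
// property access, so caller-supplied and inherited (Object.prototype) functions are callable.
const unsafePolicy = {
  resolveVariable: (name, vars) => vars[name],
  resolveFunction: (name, vars) => {
    const f = vars[name];
    if (typeof f !== 'function') throw new TypeError(`${name} is not a function`);
    return f;
  },
};

// Hardened: callables come only from a registry fixed at setup time; variables are own-property, numbers only.
function safePolicy(allowed = {}) {
  const registry = new Map(Object.entries(allowed));
  return {
    resolveVariable(name, vars) {
      if (!Object.prototype.hasOwnProperty.call(vars, name)) throw new ReferenceError(`unknown variable ${name}`);
      if (typeof vars[name] !== 'number') throw new TypeError(`variable ${name} must be a number`);
      return vars[name];
    },
    resolveFunction(name) {
      if (!registry.has(name)) throw new ReferenceError(`function ${name} is not allowlisted`);
      return registry.get(name);
    },
  };
}

const evalUnsafe = (src, vars) => evaluate(parse(tokenize(src)), vars, unsafePolicy);
const evalSafe = (src, vars, policy = safePolicy()) => evaluate(parse(tokenize(src)), vars, policy);

// Constructed demonstration: a variables object that smuggles in an attacker function.
function hijackDemo() {
  const calls = [];
  const vars = { x: 3, run: (n) => { calls.push(n); return n + 1; } };
  return { result: evalUnsafe('run(x) * 10', vars), calls }; // attacker's run() executed
}
```

hijackDemo() shows the attacker's function executing under the unsafe policy: the expression evaluates to 40 and run() is called once with 3. The same expression and variables object fail under safePolicy with "function run is not allowlisted", because the only way a name becomes callable is registration at setup time. Note also that, under the unsafe policy of this toy, even an empty variables object is not safe: toString() resolves through Object.prototype and is invoked, which is why the hardened variant reads own properties only and why a polluted prototype is a problem for any evaluator that looks names up this way.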

The vulnerability was reported by Jangwoo Choe (UKO), and patch improvements were contributed by user huydoppaze. GitHub Security and npm are also acknowledged for issuing security advisories and enabling automated vulnerability detection. This advisory was authored by Vijay Sarvepalli and Renae Metcalf.