{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/263614#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"## Overview\r\nThe npm package *expr-eval* is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input.\r\n\r\n## Description\r\n\r\nThe npm projects *expr-eval* and *expr-eval-fork* are JavaScript libraries used to parse and evaluate mathematical expressions, extending NLP applications that process mathematical expressions and their numerical data. This capability is particularly useful in generative AI systems that need to interpret mathematical expressions within user prompts. The `Parser` class and its `evaluate()` method are designed to evaluate user-defined expressions more safely than JavaScript’s native `eval()` function. This design choice is critical for npm-based projects, especially those running in server environments where access to a system's local resources could pose security risks. According to [npmjs.com](https://www.npmjs.com/package/expr-eval), *expr-eval* has over 250 dependent packages, including integrations such as *oplangchain*, a JavaScript implementation of the popular LangChain framework. The related project *expr-eval-fork* was created to address a prior [Prototype Pollution vulnerability (Issue #266)](https://github.com/silentmatt/expr-eval/issues/266) that remained unresolved in the original *expr-eval* repository, which appears to be unmaintained by the original author, with a last release date of 2019-09-28.\r\n\r\nA newly discovered vulnerability allows an attacker to define arbitrary functions within the `context` object used by the parser. 
This capability can be exploited to inject malicious code that executes system-level commands, potentially accessing sensitive local resources or exfiltrating data. This issue has been patched via [Pull Request #288](https://github.com/silentmatt/expr-eval/pull/288). The vulnerability is tracked as [CVE-2025-12735](https://www.cve.org/CVERecord?id=CVE-2025-12735), as well as the GitHub Advisory [GHSA-jc85-fpwf-qm7x](https://github.com/advisories/GHSA-jc85-fpwf-qm7x). These identifiers enable automated tools such as `npm audit` to detect the vulnerability in affected projects. [CVE-2025-13204](https://www.cve.org/CVERecord?id=CVE-2025-13204) has also been published for the earlier [Prototype Pollution vulnerability](https://github.com/silentmatt/expr-eval/issues/266) identified in 2021, which is not fixed in *expr-eval* but is fixed in *expr-eval-fork*, released on 2024-01-10.\r\n\r\n## Impact\r\n\r\nAn attacker with the ability to influence input fields processed by *expr-eval* can craft malicious payloads that trigger arbitrary command execution on the host system.  \r\nThis constitutes a *Technical Impact = Total* under the [SSVC](https://certcc.github.io/SSVC/reference/decision_points/technical_impact/) framework, meaning:\r\n> The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.\r\n\r\n## Solution\r\nDevelopers and users are advised either to:\r\n\r\n1. *Apply the security patch* from [Pull Request #288](https://github.com/silentmatt/expr-eval/pull/288), or  \r\n2. *Upgrade to the latest patched version* of the *expr-eval* or *expr-eval-fork* package as they become available. 
The newly released [expr-eval-fork 3.0.1](https://www.npmjs.com/package/expr-eval-fork/v/3.0.1) has been tested to resolve this issue.\r\n\r\nNote: The patch introduces:\r\n\r\n* A defined *AllowList* of safe functions accessible via `evaluate()`\r\n* A mandatory *registration mechanism* for custom functions\r\n* Updated test cases ensuring that enforcement of these constraints can be understood and applied\r\n\r\n## Acknowledgements\r\nThanks to the reporter Jangwoo Choe (UKO) for responsibly disclosing this issue. Thanks to [huydoppaze](https://github.com/huydoppaz) for improving the suggested patch. We also acknowledge *GitHub Security* and *npm* for their proactive security advisories and automated vulnerability audits. This document was written by Vijay Sarvepalli and Renae Metcalf.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. 
Please consult the vendor's statements and advisory URL, if provided by the vendor, for more details.","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/263614"},{"url":"https://github.com/silentmatt/expr-eval","summary":"https://github.com/silentmatt/expr-eval"},{"url":"https://github.com/jorenbroekema/expr-eval","summary":"https://github.com/jorenbroekema/expr-eval"},{"url":"https://www.npmjs.com/package/expr-eval-fork","summary":"https://www.npmjs.com/package/expr-eval-fork"},{"url":"https://www.npmjs.com/package/expr-eval","summary":"https://www.npmjs.com/package/expr-eval"},{"url":"https://github.com/silentmatt/expr-eval/pull/288","summary":"https://github.com/silentmatt/expr-eval/pull/288"},{"url":"https://github.com/silentmatt/expr-eval/issues/289","summary":"https://github.com/silentmatt/expr-eval/issues/289"}],"title":"Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution","tracking":{"current_release_date":"2025-12-09T15:19:56+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#263614","initial_release_date":"2025-11-07 21:48:35.687782+00:00","revision_history":[{"date":"2025-12-09T15:19:56+00:00","number":"1.20251209151956.6","summary":"Released on 2025-12-09T15:19:56+00:00"}],"status":"final","version":"1.20251209151956.6"}},"vulnerabilities":[{"title":"npm package `expr-eval` is vulnerable to Prototype Pollution.","notes":[{"category":"summary","text":"npm package `expr-eval` is vulnerable to Prototype Pollution. 
An attacker with access to the expr-eval interface can use the JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."}],"cve":"CVE-2025-13204","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#263614"}]},{"title":"The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables.","notes":[{"category":"summary","text":"The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate() function and trigger arbitrary code execution."}],"cve":"CVE-2025-12735","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#263614"}]}],"product_tree":{"branches":[]}}