A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing.
The vulnerability, tracked as CVE-2025-12735, poses significant risks to server environments and to AI-powered applications that process user input.
| Identifier | Value |
|---|---|
| CVE ID | CVE-2025-12735 |
| GitHub Advisory | GHSA-jc85-fpwf-qm7x |
| CERT/CC Note | VU#263614 |
| Disclosure Date | November 7, 2025 |
The library’s widespread adoption makes this vulnerability particularly concerning for organizations running NLP and AI applications in production environments.
Technical Details
The vulnerability stems from a design flaw in the Parser class’s evaluate() method. An attacker can exploit this flaw by defining arbitrary functions within the parser’s context object.
By crafting malicious payloads from user-controlled input, an attacker can execute system-level commands on the host system.
This could lead to unauthorized access to sensitive local resources, data exfiltration, or complete system compromise.
Under the SSVC framework, this vulnerability is rated Technical Impact: Total, meaning an adversary can gain complete control over the software’s behavior or obtain full disclosure of all information on the system. This severity level demands immediate action from affected organizations.
The vulnerability was disclosed on November 7, 2025, with the latest documentation updates arriving on November 9, 2025.
Security researcher Jangwoo Choe of UKO responsibly disclosed the issue, working with GitHub Security and npm on coordinated disclosure.
Developers and system administrators have two primary remediation paths:
Option 1: Apply the security patch from Pull Request #288 in the expr-eval repository. The patch introduces a defined allowlist of safe functions, mandatory registration mechanisms for custom functions, and updated test cases to enforce these constraints.
Option 2: Upgrade to the latest patched version of expr-eval or expr-eval-fork. Notably, expr-eval-fork v3.0.0 is available now and addresses this vulnerability.
This fork was created to resolve a prior Prototype Pollution vulnerability (Issue #266) that remained unaddressed in the unmaintained original repository.
Organizations using expr-eval should immediately audit their dependencies and prioritize patching.
Since the library is fundamental to many AI and NLP systems, implementing this fix quickly is essential before exploitation becomes widespread.
Use automated tools like npm audit to identify affected versions across your infrastructure and implement updates as soon as patches are deployed to production systems.
