Critical arbitrary code execution flaw reported in JavaScript expression parser expr-eval
Take action: If you use the expr-eval JavaScript library (or have dependencies that use it), be aware that uncontrolled user input can exploit a flaw and run arbitrary code. Sanitize user input as much as possible and plan a very quick switch to the actively maintained expr-eval-fork version 3.0.0 since the original package is not updated and still vulnerable to remote code execution. This is urgent if your application processes user-supplied mathematical expressions in calculators, educational tools, financial platforms, or AI systems like LangChain implementations.
Learn More
A critical security vulnerability is reported in the popular expr-eval JavaScript library. The expr-eval library, originally developed by Matthew Crumley, serves as a JavaScript expression parser and evaluator designed to provide safer alternatives to JavaScript's native eval() function when processing user-supplied mathematical expressions at runtime.
The library has become integral to numerous applications including online calculators, educational software suites, simulation tools, financial analysis platforms, and increasingly, generative AI systems that interpret mathematical expressions within user prompts.
The vulnerability is tracked as CVE-2025-12735 (CVSS score 9.8) and is caused by insufficient input validation within the expr-eval library's core Parser.evaluate() function. It fails to properly validate the variables or context object passed during expression evaluation and allows attackers to influence input fields processed by expr-eval to define arbitrary functions within the context object used by the parser. Once injected, these malicious function objects are invoked by the parser during the evaluation process, enabling attackers to execute system-level commands with the privileges of the running application.
The vulnerability affects two related npm packages that have achieved substantial adoption across the JavaScript development community:
- expr-eval: The original library with over 800,000 weekly downloads on the NPM package registry. The last stable release was published six years ago, and the project appears to be unmaintained by its original author, with no indication of when security patches will be merged or released.
- expr-eval-fork: An actively maintained fork created to address a prior Prototype Pollution vulnerability (Issue #266) that remained unresolved in the original repository. This fork processes over 80,000 weekly downloads and has successfully implemented the security fix in version 3.0.0.
More than 250 packages are dependent on expr-eval across the npm ecosystem, including oplangchain, a JavaScript implementation of the popular LangChain framework used extensively in artificial intelligence application development. This is particularly concerning for AI and natural language processing systems, which frequently process untrusted user input, the exact attack vector exploited by CVE-2025-12735.
Applications utilizing expr-eval for mathematical expression evaluation in contexts where user input influences the variables or context object passed to Parser.evaluate() face immediate exploitation risk. This includes web-based calculators accepting mathematical expressions from users, educational platforms processing student-submitted formulas, financial modeling tools evaluating user-defined calculations, and AI systems interpreting mathematical content from text prompts or chat interactions.
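Because the flaw is triggered by callable values reaching the variables/context object, one defensive measure (in addition to upgrading) is to never pass user-influenced data to Parser.evaluate() directly, but to rebuild the context from it first. The following is an added example, not code from the advisory or from the expr-eval project; sanitizeContext and checkRequest are hypothetical helper names, and the sample inputs are constructed.

```javascript
// Rebuild a variable context for Parser.evaluate() from untrusted input.
// Only finite numbers and booleans under identifier-shaped keys survive;
// functions, objects, arrays, strings and prototype keys are rejected so
// nothing callable is ever handed to the parser.
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;
// Keys that could tamper with object prototypes (the fork's earlier
// Prototype Pollution fix concerned this same surface).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function sanitizeContext(untrusted, allowedNames) {
  if (untrusted === null || typeof untrusted !== 'object' || Array.isArray(untrusted)) {
    throw new TypeError('context must be a plain object');
  }
  const safe = {};
  for (const key of Object.keys(untrusted)) {
    if (FORBIDDEN_KEYS.has(key) || !IDENTIFIER.test(key)) {
      throw new Error(`rejected variable name: ${JSON.stringify(key)}`);
    }
    // Optional allow-list: only the variables the expression is expected to use.
    if (allowedNames && !allowedNames.has(key)) {
      throw new Error(`unexpected variable: ${key}`);
    }
    const value = untrusted[key];
    if ((typeof value === 'number' && Number.isFinite(value)) || typeof value === 'boolean') {
      safe[key] = value;
    } else {
      // Covers functions, objects, arrays, strings, symbols, NaN and Infinity.
      throw new Error(`rejected value for ${key}: ${typeof value}`);
    }
  }
  return safe; // pass this, never the raw input, as the second argument of evaluate()
}

// Wraps sanitizeContext so a caller gets a result object instead of an exception.
function checkRequest(vars, allowedNames) {
  try {
    return { ok: true, vars: sanitizeContext(vars, allowedNames) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs (not real traffic): a clean request and one where
// a function object has been smuggled into the context.
const cleanRequest = { x: 2, y: 3.5 };
const injectedRequest = { x: 2, y: () => 'callable reached the parser' };
```

The sanitized object is what would be passed as the variables argument to Parser.evaluate(); this limits the exposed input channel but does not fix the library itself, so the upgrade remains necessary.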
A security fix has been released in Pull Request #288 in the expr-eval repository. The expr-eval-fork project has integrated the fix in version 3.0.0. Development teams using expr-eval-fork should upgrade to this patched version as their highest priority security action.
For users of the original expr-eval package, the situation is not so clear. The project's original maintainers have remained unresponsive, creating uncertainty about when, or if, these patches will be merged into an official release. Developers and organizations currently depending on the original expr-eval package should plan migration to the actively maintained expr-eval-fork version 3.0.0 instead of waiting for an uncertain official patch release.