VU#263614: Vulnerability in expr-eval JavaScript library can lead to remote code execution.

Overview

The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input.

Description

The npm projects expr-eval and expr-eval-fork are JavaScript libraries used to parse and evaluate mathematical expressions, extending NLP applications that process mathematical expressions and their numerical data. This capability is particularly useful in generative AI systems that need to interpret mathematical expressions within user prompts. The Parser class and its evaluate() method is designed to provide user-defined expressions in a safer way than JavaScript’s native eval() function. This design choice is critical for npm-based projects, especially those running in server environments where access to a system’s local resources could pose security risks. According to npmjs.com, expr-eval has over 250 dependent packages, including integrations such as oplangchain, a JavaScript implementation of the popular LangChain framework. The related project expr-eval-fork was created to address a prior Prototype Pollution vulnerability (Issue #266) that remained unresolved in the original expr-eval repository, which appears to be unmaintained by the original author.

A newly discovered vulnerability allows an attacker to define arbitrary functions within the context object used by the parser. This capability can be exploited to inject malicious code that executes system-level commands, potentially accessing sensitive local resources or exfiltrating data. This issue has been patched via Pull Request #288. The vulnerability is tracked with CVE-2025-12735, as well as the GitHub Advisory GHSA-jc85-fpwf-qm7x. These identifiers enable automated tools such as npm audit to detect the vulnerability in affected projects.

Impact

An attacker with the ability to influence input fields processed by expr-eval can craft malicious payloads that trigger arbitrary command execution on the host system.
This constitutes a Technical Impact = Total under the SSVC framework, meaning:

The vulnerability gives the adversary total control over the behavior of the software or total disclosure of all information on the affected system.

Solution

Developers and Users are advised either to:

1. Apply the security patch from Pull Request #288, or
2. Upgrade to the latest patched version of the expr-eval or expr-eval-fork package as they become available.

Note: The patch introduces:

• A defined AllowList of safe functions accessible via evaluate()
• A mandatory registration mechanism for custom functions.
• Updated test cases ensuring enforcement of these constraints can be understood and applied

Acknowledgements

Thanks to the reporter Jangwoo Choe (UKO) for responsibly disclosing this issue. We also acknowledge GitHub Security and npm for their proactive security advisories and automated vulnerability audits. This document was written by Vijay Sarvepalli and Renae Metcalf.