You are currently viewing Critical NPM Package Vulnerability Puts AI and NLP Applications at Risk of Exploitation

Critical NPM Package Vulnerability Puts AI and NLP Applications at Risk of Exploitation

  • Post author:
  • Reading time:3 mins read

The discovery of CVE-2025-12735 reveals a critical remote code execution (RCE) weakness in the popular JavaScript expression-evaluation library expr-eval. Exploitation allows an attacker who can supply crafted input to influence the parser’s evaluation context and execute arbitrary system-level commands, putting servers and AI/NLP applications that evaluate user-provided expressions at immediate risk.

Vulnerability Details

Remote Code Execution (CVE-2025-12735)

The root cause is a design flaw in the library’s Parser (specifically the evaluate() function) that does not sufficiently limit or validate function objects provided via the variables/context parameter. An attacker can register or pass specially crafted functions in the evaluation context which the parser will invoke, enabling arbitrary JavaScript execution that can be escalated to system command execution in certain runtimes and hosting configurations.


An application that accepts user-supplied expressions or variables and calls parser.evaluate(userExpression, userVariables) without strictly validating/allowlisting functions can be tricked into invoking attacker-controlled code paths. In environments where the JS runtime or surrounding code exposes system interfaces, that can lead to execution of shell commands, file access, or data exfiltration. Public advisories and vendor notices describe the flaw as allowing arbitrary code execution via crafted variables/expressions.

Affected Products

  • expr-eval –All versions
  • expr-eval-fork — versions prior to 3.0.0 are vulnerable

Tactics, Techniques, and Procedures (TTPs)

  • TA0001 – Initial Access: Exploit public-facing application (T1190) by sending malicious input to an application using expr-eval.
  • TA0002 – Execution: Command and Scripting Interpreter (T1059), including Unix Shell (T1059.004) when the environment allows escalation to OS command execution.
    These mappings reflect the practical exploitation path: attacker-supplied expressions code execution in application context potential system command execution. (See public advisories and the NVD/GHSA advisory for technical context.)

Mitigations & Recommendations

  • Apply the patch referenced in the upstream fix (Pull Request #288): The patch enforces an allowlist of safe functions, requires explicit registration for custom functions, and adds tests to prevent unrestricted function invocation through evaluate(). If you maintain your own vendored copy, merge the PR or equivalent changes immediately.
  • Upgrade to the patched package: Upgrade to the patched release of expr-eval/expr-eval-fork (the fork’s v3.0.0 and corresponding patched versions are published). Use your package manager to update dependencies and rebuild/deploy. After upgrading, run your test suite and validate expression-handling code paths.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here