GLOBAL SITUATIONMONITORING

517 published briefsUTCWed, Apr 15 11:01:15

Intelligence Tag

expr-eval

JavaScript library expr-eval

1 intelligence brief← Intelligence Hub

Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library

Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.

Peter Chofield

Nov 11, 2025

1–2 minutes