GLOBAL SITUATIONMONITORING

517 published briefsUTCSat, May 9 03:46:48

Intelligence Tag

expr-eval

JavaScript library expr-eval

1 intelligence brief← Intelligence Hub

Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library

Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.

Peter Chofield

Nov 11, 2025

1–2 minutes