{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13204", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2025-11-14T16:52:35.957Z", "datePublished": "2025-11-14T17:02:39.529Z", "dateUpdated": "2025-11-14T20:41:22.990Z"}, "containers": {"cna": {"title": "CVE-2025-13204", "descriptions": [{"lang": "en", "value": "npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."}], "source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "silentmatt", "product": "expr-eval", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "2.0.2", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}]}], "references": [{"url": "https://www.npmjs.com/package/expr-eval-fork"}, {"url": "https://github.com/silentmatt/expr-eval"}, {"url": "https://github.com/jorenbroekema/expr-eval"}, {"url": "https://www.huntr.dev/bounties/1-npm-expr-eval/", "tags": ["third-party-advisory"]}, {"url": "https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py"}, {"url": "https://github.com/silentmatt/expr-eval/pull/252/files", "tags": ["patch"]}, {"url": "https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py", "tags": ["exploit"]}], "x_generator": {"engine": "VINCE 3.0.28", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13204"}, "metrics": [{"other": {"type": "ssvcV2_0_0", "content": {"timestamp": "2025-11-07T15:47:01.238Z", "schemaVersion": "2.0.0", "selections": [{"values": [{"key": "P", "name": "Public PoC"}], "name": "Exploitation", "version": "1.1.0", "namespace": "ssvc", "definition": "The present state of exploitation of the vulnerability.", "key": "E"}, {"values": [{"key": "Y", "name": "Yes"}], "name": "Automatable", "version": "2.0.0", "namespace": "ssvc", "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "key": "A"}, {"values": [{"key": "T", "name": "Total"}], "name": "Technical Impact", "version": "1.0.0", "namespace": "ssvc", "definition": "The technical impact of the vulnerability.", "key": "TI"}]}}}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-11-14T20:20:20.104Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1321", "lang": "en", "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-14T20:36:54.382508Z", "id": "CVE-2025-13204", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T20:41:22.990Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13204", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-14T20:36:54.382508Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1321", "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-14T20:39:10.929Z"}}], "cna": {"title": "CVE-2025-13204", "source": {"discovery": "EXTERNAL"}, "metrics": [{"other": {"type": "ssvcV2_0_0", "content": {"timestamp": "2025-11-07T15:47:01.238Z", "selections": [{"key": "E", "name": "Exploitation", "values": [{"key": "P", "name": "Public PoC"}], "version": "1.1.0", "namespace": "ssvc", "definition": "The present state of exploitation of the vulnerability."}, {"key": "A", "name": "Automatable", "values": [{"key": "Y", "name": "Yes"}], "version": "2.0.0", "namespace": "ssvc", "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?"}, {"key": "TI", "name": "Technical Impact", "values": [{"key": "T", "name": "Total"}], "version": "1.0.0", "namespace": "ssvc", "definition": "The technical impact of the vulnerability."}], "schemaVersion": "2.0.0"}}}], "affected": [{"vendor": "silentmatt", "product": "expr-eval", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0.2"}]}], "references": [{"url": "https://www.npmjs.com/package/expr-eval-fork"}, {"url": "https://github.com/silentmatt/expr-eval"}, {"url": "https://github.com/jorenbroekema/expr-eval"}, {"url": "https://www.huntr.dev/bounties/1-npm-expr-eval/", "tags": ["third-party-advisory"]}, {"url": "https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py"}, {"url": "https://github.com/silentmatt/expr-eval/pull/252/files", "tags": ["patch"]}, {"url": "https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py", "tags": ["exploit"]}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.28", "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-13204"}, "descriptions": [{"lang": "en", "value": "npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-11-14T20:20:20.104Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13204", "state": "PUBLISHED", "dateUpdated": "2025-11-14T20:41:22.990Z", "dateReserved": "2025-11-14T16:52:35.957Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2025-11-14T17:02:39.529Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:silentmatt:javascript_expression_evaluator:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "42044D1E-CC9F-4C3D-B832-9644D65BCCA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."}], "id": "CVE-2025-13204", "lastModified": "2026-01-08T18:28:13.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-14T17:16:01.603", "references": [{"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py"}, {"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/jorenbroekema/expr-eval"}, {"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/silentmatt/expr-eval"}, {"source": "cret@cert.org", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/silentmatt/expr-eval/pull/252/files"}, {"source": "cret@cert.org", "tags": ["Product"], "url": "https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.huntr.dev/bounties/1-npm-expr-eval/"}, {"source": "cret@cert.org", "tags": ["Product"], "url": "https://www.npmjs.com/package/expr-eval-fork"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "expr-eval: expr-eval: Prototype Pollution", "id": "2415051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415051"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-915", "details": ["npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-13204", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Under investigation", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Under investigation", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2025-11-14T17:02:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13204\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13204\nhttps://github.com/jorenbroekema/expr-eval\nhttps://github.com/silentmatt/expr-eval\nhttps://www.npmjs.com/package/expr-eval-fork"], "threat_severity": "Important"}

{"created": "2025-11-15T22:07:49.573592+00:00", "updated": "2025-11-15T22:07:49.573620+00:00", "vendors": ["expr-eval_project", "expr-eval_project$PRODUCT$expr-eval"]}