CVE-2025-62162
BaseFortify
Publication date: 2025-10-10
Last updated on: 2025-10-14
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cel-rust | cel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the cel-rust Common Expression Language interpreter versions from 0.10.0 up to but not including 0.11.4. When parsing certain malformed CEL expressions, the parser can panic and terminate the process. This means that if an attacker sends specially crafted input expressions, they can cause the application using cel-rust to crash.
How can this vulnerability impact me? :
The vulnerability can be exploited by an attacker to cause a denial of service (DoS) by crashing the process that uses cel-rust to evaluate expressions. This is particularly impactful when the crate evaluates untrusted or user-supplied input, such as over an API, potentially making the service unavailable.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the cel-rust crate to version 0.11.4 or later, as this version fixes the vulnerability that causes the parser to panic and terminate the process when parsing certain malformed CEL expressions.