cel-rust May Panic During Parsing of Invalid CEL Expressions

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.

Basic Information

ID CVE-2025-62162

Source GitHub_M

Published Oct 10, 2025 at 22:25

Affected Product

Vendor cel-rust

Product cel-rust

Version >= 0.10.0, < 0.11.4

Affected Versions cel-rust cel-rust >= 0.10.0, < 0.11.4

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.",
    "published": "2025-10-10T22:25:42.027Z",
    "modified": "2025-10-10T22:25:42.027Z",
    "type": "cve",
    "title": "cel-rust May Panic During Parsing of Invalid CEL Expressions",
    "source": "GitHub_M",
    "references": "https://github.com/cel-rust/cel-rust/security/advisories/GHSA-wxwx-9fh7-5mrw\nhttps://github.com/cel-rust/cel-rust/releases/tag/cel-v0.11.4",
    "id": "CVE-2025-62162",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "cel-rust cel-rust >= 0.10.0, < 0.11.4",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cel-rust",
    "version": ">= 0.10.0, < 0.11.4",
    "vendor": "cel-rust",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

cel-rust May Panic During Parsing of Invalid CEL Expressions_CVE-2025-62162