High severity · 7.5 · OSV Advisory · Published Oct 10, 2025 · Updated Apr 15, 2026
CVE-2025-62162
Description
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| cel (crates.io) | >= 0.10.0, < 0.11.4 | 0.11.4 |
References
- github.com/advisories/GHSA-wxwx-9fh7-5mrw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-62162 (ghsa, ADVISORY)
- github.com/cel-rust/cel-rust/commit/9df9822d81d91a3ce0fc9f712f4574a659247be3 (ghsa, WEB)
- github.com/cel-rust/cel-rust/releases/tag/cel-v0.11.4 (nvd, WEB)
- github.com/cel-rust/cel-rust/security/advisories/GHSA-wxwx-9fh7-5mrw (nvd, WEB)