PT-2025-6876 · Unknown · Jsonpath-Plus

Nick Copi · Published 2025-02-15 · Updated 2026-02-03 · CVE-2025-1302

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: jsonpath-plus versions prior to 10.3.0
Description: The issue is caused by improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default eval='safe' mode. It is the result of an incomplete fix for a previous issue. The vulnerability can lead to Remote Code Execution (RCE).
Recommendations: For versions prior to 10.3.0, update to version 10.3.0 or later to resolve the issue. As a temporary workaround, consider disabling eval='safe' mode until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid passing unsanitized input to the jsonpath-plus package until the issue is resolved.
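As an added example (not part of this advisory or of the jsonpath-plus project), a defender-side wrapper that applies the two mitigations above: it allow-lists plain JSONPath selectors so filter and script expressions never reach the library, and builds the query options with expression evaluation turned off. It assumes the jsonpath-plus call shape JSONPath({ path, json, eval }) and that eval: false disables evaluation; the selector list is constructed for illustration.

```javascript
// Added example, not code from the advisory or from jsonpath-plus.
// Assumption: jsonpath-plus exposes JSONPath({ path, json, eval }) and
// eval: false refuses to evaluate any expression inside the selector.

// Conservative allow-list for selectors that need no evaluation at all:
//   $                        root
//   .name  ..name  .*  ..*   member access / recursive descent
//   ['key']  ["key"]         quoted member (no quotes or backslashes inside)
//   [0]  [*]  [1:3]  [::2]   index, wildcard, slice
// Filters [?(...)], scripts [(...)] and the current-node token @ all use
// '(', '?' or '@', which the grammar never admits, so they are rejected.
const SAFE_PATH =
  /^\$(?:\.\.?(?:[A-Za-z_][A-Za-z0-9_]*|\*)|\[(?:\d+|\*|\d*:\d*(?::\d+)?|'[^'\\]*'|"[^"\\]*")\])*$/;

function isSafePath(path) {
  return typeof path === 'string' && path.length <= 512 && SAFE_PATH.test(path);
}

// Build the options for JSONPath(). Untrusted selectors outside the
// allow-list are rejected up front; eval is disabled as defence in depth
// so nothing is evaluated even if the allow-list is ever loosened.
function buildQueryOptions(path, json) {
  if (!isSafePath(path)) {
    throw new Error('rejected JSONPath selector: evaluation constructs are not permitted');
  }
  return { path, json, eval: false };
}

// Constructed sample of selectors as an application might receive them.
const SAMPLE_SELECTORS = [
  '$.store.book[*].author',
  "$['store'][\"book\"][0:2].title",
  '$..price',
  '$.store.book[?(@.price < 10)]', // filter expression: requires evaluation
  '$[(@.length-1)]',               // script expression: requires evaluation
];

// Partition selectors into those the wrapper would run and those it refuses.
function screenSelectors(selectors) {
  const accepted = [], rejected = [];
  for (const s of selectors) (isSafePath(s) ? accepted : rejected).push(s);
  return { accepted, rejected };
}

// Usage with the library (jsonpath-plus 10.3.0 or later):
//   const { JSONPath } = require('jsonpath-plus');
//   const result = JSONPath(buildQueryOptions(userSuppliedPath, document));
```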

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-1302
GHSA-HW8R-X6GR-5GJP

Affected Products

Jsonpath-Plus