CVE-2025-62162: 
Rust vulnerability analysis and mitigation

The cel-rust Common Expression Language interpreter, written in Rust, contains a vulnerability (CVE-2025-62162) that affects versions 0.10.0 through 0.11.4. The vulnerability was discovered and disclosed on October 10, 2025, impacting systems that use the cel-rust crate to evaluate untrusted expressions. The issue allows attackers to cause a denial of service by submitting malformed CEL expressions that trigger a parser panic, effectively terminating the process (GitHub Advisory).

The vulnerability stems from improper input validation (CWE-20) in the cel-rust parser's handling of malformed CEL expressions. When parsing certain invalid expressions, the code generated by the ANTLR parser generator fails to properly handle error states, leading to an unreachable code panic. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (GitHub Advisory).

When the cel-rust crate is used to evaluate untrusted expressions, such as user-supplied input over an API, an attacker can trigger a denial of service (DoS) condition by sending crafted malformed input. This results in the termination of the process, affecting the availability of the service (GitHub Advisory).

Users should upgrade to version 0.11.4 of the cel-rust crate, which contains the fix for this vulnerability. This can be done by updating the dependency in the project's Cargo.toml file to 'cel = "0.11.4"' (GitHub Release).