A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
References
History

Tue, 26 Aug 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Openrobotics
Openrobotics robot Operating System
CPEs cpe:2.3:o:openrobotics:robot_operating_system:indigo_igloo:*:*:*:*:*:*:*
cpe:2.3:o:openrobotics:robot_operating_system:kinetic_kame:*:*:*:*:*:*:*
cpe:2.3:o:openrobotics:robot_operating_system:melodic_morenia:*:*:*:*:*:*:*
cpe:2.3:o:openrobotics:robot_operating_system:noetic_ninjemys:*:*:*:*:*:*:*
Vendors & Products Openrobotics
Openrobotics robot Operating System

Thu, 17 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Jul 2025 19:30:00 +0000

Type Values Removed Values Added
Description A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
Title Unsafe use of eval() method in rosbag tool
Weaknesses CWE-94
CWE-95
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2025-07-18T08:05:27.171Z

Reserved: 2025-04-16T22:19:19.339Z

Link: CVE-2025-3753

cve-icon Vulnrichment

Updated: 2025-07-17T20:38:20.644Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-17T20:15:29.683

Modified: 2025-08-26T17:51:21.497

Link: CVE-2025-3753

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.