A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ros.org/blog/noetic-eol/ |
![]() ![]() |
History
Tue, 26 Aug 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Openrobotics
Openrobotics robot Operating System |
|
CPEs | cpe:2.3:o:openrobotics:robot_operating_system:indigo_igloo:*:*:*:*:*:*:* cpe:2.3:o:openrobotics:robot_operating_system:kinetic_kame:*:*:*:*:*:*:* cpe:2.3:o:openrobotics:robot_operating_system:melodic_morenia:*:*:*:*:*:*:* cpe:2.3:o:openrobotics:robot_operating_system:noetic_ninjemys:*:*:*:*:*:*:* |
|
Vendors & Products |
Openrobotics
Openrobotics robot Operating System |
Thu, 17 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 17 Jul 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code. | |
Title | Unsafe use of eval() method in rosbag tool | |
Weaknesses | CWE-94 CWE-95 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: canonical
Published:
Updated: 2025-07-18T08:05:27.171Z
Reserved: 2025-04-16T22:19:19.339Z
Link: CVE-2025-3753

Updated: 2025-07-17T20:38:20.644Z

Status : Analyzed
Published: 2025-07-17T20:15:29.683
Modified: 2025-08-26T17:51:21.497
Link: CVE-2025-3753

No data.

No data.