Unsafe use of eval() method in rosbag tool_CVE-2025-3753

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

Basic Information

ID CVE-2025-3753

Source canonical

Published Jul 17, 2025 at 19:14

Modified Jul 18, 2025 at 08:05

Affected Product

Vendor Open Source Robotics Foundation

Product Robot Operating System (ROS)

Version Noetic Ninjemys

Affected Versions Open Source Robotics Foundation Robot Operating System (ROS) Noetic Ninjemys
Open Source Robotics Foundation Robot Operating System (ROS) Melodic Morenia
Open Source Robotics Foundation Robot Operating System (ROS) Kinetic Kame
Open Source Robotics Foundation Robot Operating System (ROS) Indigo Igloo

CWE Classification

CWE-95 CWE-94

References

www.ros.org /blog/noetic-eol/

{
    "lastseen": "",
    "description": "A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.",
    "published": "2025-07-17T19:14:20.486Z",
    "modified": "2025-07-18T08:05:27.171Z",
    "type": "cve",
    "title": "Unsafe use of eval() method in rosbag tool",
    "source": "canonical",
    "references": "https://www.ros.org/blog/noetic-eol/",
    "id": "CVE-2025-3753",
    "bulletinFamily": "",
    "cwe": [
        "CWE-95",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Open Source Robotics Foundation Robot Operating System (ROS) Noetic Ninjemys\nOpen Source Robotics Foundation Robot Operating System (ROS) Melodic Morenia\nOpen Source Robotics Foundation Robot Operating System (ROS) Kinetic Kame\nOpen Source Robotics Foundation Robot Operating System (ROS) Indigo Igloo",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Robot Operating System (ROS)",
    "version": "Noetic Ninjemys",
    "vendor": "Open Source Robotics Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}