CVE-2025-3753

EUVD-2025-21808
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
canonicalCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ros-ros-comm
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
oracular
dne
plucky
dne
questing
dne
xenial
needs-triage
ros-kinetic-ros-comm
xenial
Fixed 1.12.17+9
released
ros-melodic-ros-comm
bionic
Fixed 1.14.13+5
released
ros-noetic-ros-comm
focal
Fixed 1.17.4+2
released
Common Weakness Enumeration
References
https://www.ros.org/blog/noetic-eol/