High severity7.8NVD Advisory· Published Jul 17, 2025· Updated Jun 17, 2026
CVE-2024-41921
CVE-2024-41921
Description
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=Noetic Ninjemys
- Open Source Robotics Foundation/Robot Operating System (ROS)v5Range: Noetic Ninjemys
Patches
Vulnerability mechanics
References
1- www.ros.org/blog/noetic-eol/nvdProduct
News mentions
0No linked articles in our index yet.