VYPR
High severity7.8NVD Advisory· Published Jul 17, 2025· Updated Jun 17, 2026

CVE-2024-41921

CVE-2024-41921

Description

A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: <=Noetic Ninjemys
  • ROS/rostopicllm-fuzzy
    Range: <=Noetic Ninjemys
  • Open Source Robotics Foundation/Robot Operating System (ROS)v5
    Range: Noetic Ninjemys

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.