Unrated severityNVD Advisory· Published Jul 17, 2025· Updated Jul 18, 2025

Unsafe use of eval() method in rosbag tool

CVE-2025-3753

Description

A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code.

Affected products

ROS/rosbagllm-create
Range: <= Noetic Ninjemys
Open Source Robotics Foundation/Robot Operating System (ROS)v5
Range: Noetic Ninjemys

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ros.org/blog/noetic-eol/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000